Radically reshape your cybersecurity to unlock enterprise AI

This HFS Research Highlight is for CISOs and security leaders rebuilding their cyber function into VulnOps to deploy agentic AI safely at scale.

A year ago, HFS warned that “the moment AI systems decide and act instead of merely assisting, you’ve crossed into a zone that your current oversight model likely can’t handle.” Anthropic’s Mythos and the arrival of OpenClaw’s agentic flows to action have made that moment now. This moment demands a radical new approach to cybersecurity that may also prove the true unlock for agentic AI in the enterprise.

Three clear signals demand CISOs step up

Zenity’s full-day San Francisco Agentic AI Security Summit provided three telling signals:

• Mythos makes vulnerability discovery every company’s problem. Once nation-state-scale resources were required, and reserved, for big targets. Soon, every mid-size bank in America and beyond must prepare for once-a-year attacks coming every day.
• OpenClaw saw malicious skills launched within weeks of its development, making vulnerability discovery every person’s problem. Your cash, IP, and production databases are all exposed.
• Cursor runs an auto-patch operating model staffed by agents. This makes maintenance an always-on function.

Overhaul security to make agents deployable at scale

Cybersecurity must shift from being seen as the brake on enterprise AI to the discipline that makes autonomous systems work at scale. It is no coincidence that IBM and Red Hat have picked this moment to commit $5 billion and 20,000 engineers to fix the open-source security layer. Reshape your cyber function, and you scale agentic. Don’t, and you’ll spend 2026 governing yesterday’s threats with last decade’s playbook.

Jim Reavis, CEO of the Cloud Security Alliance, presented data on Anthropic’s Mythos Preview. It identified nearly 3,900 high- or critical-severity vulnerabilities in open source alone. Every defender must now assume nation-state capability is aimed at every asset. The 30-day patch SLA is over (India’s CERT has moved to 12 hours). Annual tests are over. Common Vulnerabilities and Exposures (CVE)-prioritized vulnerability management is over.

Jenn Gile of OpenSourceMalware delivered demand-side proof. Before January 2026, AI skill registries did not exist. Within weeks of ClawHub’s launch, more than 700 malicious skills were live with payloads that “fire every time your agent runs, not just on install.” Skills are in natural language, so static code analysis fails. Third-party scanner badges create false trust. The payload moved out of the skill into a linked site, triggered at runtime, a threat only a cyber expert would spot.

The role of security shifts from gatekeeper to builder

Michael Bargury, co-founder and CTO of Zenity, warned that the industry had wasted three years rebranding agentic risk over and over, variously a shadow AI, data, identity, cloud, or inventory problem. Every agent that his team has tested has been hackable. The new unit of security, he argues, is intent, and must be evaluated continuously. Why did an agent do a thing at runtime? The role of security changes to “getting the thing to work.”

Reavis captured the cultural shift: “The fastest growing job title in cybersecurity is going to be builder.”

Travis McPeak, head of security at Cursor, challenged conventional thinking that “Security is everyone’s job,” calling it an abdication. The team that gets blamed for the breach has to own the outcome. Cursor’s operating model demonstrates the agent-heavy approach most firms will need to adopt: AI-triaged vulnerability intake, three independent agents tracing reachability, auto-patch and auto-merge, with the safety rails built by security itself. Cyber becomes the team that builds the autonomous fix loop, not the team that nags developers.

CISOs must act now and embrace VulnOps

Exhibit 1: Gadi Evron says every enterprise should set up agentic-led VulnOps to keep pace with the threats of the post-AI age

Source: HFS Research, 2026

Gadi Evron, founder and CEO of Knostic AI and CISO-in-Residence for AI at the Cloud Security Alliance, names the new discipline VulnOps: a continuous, machine-speed triage and remediation loop with human-in-the-loop oversight. Think of it as DevOps for the threat surface.

Every enterprise should stand up its own VulnOps, with these guiding principles:

1. Make intent, not authorization, the unit of runtime monitoring, tracked in every agent, every session, and every run.
2. Stand up agentic auto-triage and auto-patch with the safety rails owned by security itself, on the Cursor pattern.
3. Treat every consumed model, skill, or agent registry as compromised by default until experts sign off.
4. Move CISO time from gatekeeping to building those rails.
5. Stop diffusing the security mandate across people who should not be expected to see the threat.

Lightwell brings VulnOps into production for open-source security

IBM and Red Hat just announced Project Lightwell, a $5 billion commitment and a 20,000-strong engineering force, augmented by frontier AI, to stand up a trusted enterprise clearinghouse for open-source security. This promises AI-assisted vulnerability triage at industrial scale, validated patches with enterprise-grade lifecycle management, and upstream disclosure, all packaged as a commercial subscription.

It builds on Anthropic’s Project Glasswing and OpenAI’s Trust Access for Cyber, so the major labs and major SIs (systems integrators) are coordinating on a shared response. Early adopters include Bank of America, BNY, Citi, and Goldman Sachs; financial services is bought in.

This can be read as the first VulnOps program of real consequence in production. But it does not address the runtime-intent problem Bargury raised, or the agent-registry trust problem Gile raised. Lightwell is a foundation. The rest is on you.

The Bottom Line: Shape your own version of VulnOps, and do it now.

VulnOps gives your cyber estate the contextual and predictive postures HFS describes in our 2025 Cybersecurity Horizons report and allows your enterprise to run autonomous systems at the rate the market is shipping them.

Security is the unlock for enterprise AI. IBM, Red Hat, and their early adopters have committed $5 billion with that in mind. The question every CISO needs to answer now is whether the enterprise will run a VulnOps program of its own or wait to be carried by someone else’s.