Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

As AI shortens the path from vulnerability disclosure to exploitation, researchers disagree on whether the problem is inadequate security tools or inadequate operational control.

Two reports offer differing viewpoints. One suggests a failure of tools to provide what security teams really need. The other suggests the tools exist but are not properly managed.

The industrialization of cybercrime threatens to overwhelm cyber defense. It is a process that started before the arrival of ChatGPT, was supercharged by the age of AI, and is now characterized as the post-Mythos era. It is a time when defenders must improve their performance or cede the battleground to the adversary. Applications are the battlefield, and the speed, scale and sophistication of AI-assisted attacks are difficult to contain.

“AI is not just creating more vulnerabilities. It is exposing the fact that companies cannot fix known vulnerabilities fast enough,” explains Daniel Shechter, CEO and co-founder at Miggo Security. “For years, security programs have been measured by how well they find risk before software goes live. Frontier AI like Mythos changes the question. If attackers can move from disclosure to exploit in hours, boards and CISOs need to understand how long the business remains exposed, and what can be done to mitigate quickly and efficiently.”

The Cloud Security Alliance (CSA) State of Modern Application and AI Security report, commissioned by Miggo and published on June 2, 2026, confirms and explains this new reality. CSA surveyed more than 900 cybersecurity leaders and found that, in this post-Mythos era, vulnerabilities are slipping past pre-production checks while 82% of organizations lack effective runtime visibility.

“The real challenge begins once applications are in production, where security teams must rapidly determine which exposures are truly exploitable, prioritize the risks that matter most, and respond before attackers can take advantage,” suggests Shechter.

Most breaches are driven by known vulnerabilities. Eighty percent of the companies surveyed have suffered at least one incident involving a known vulnerability in the last year. If a vulnerability is known, it is almost certainly patchable; but in the post-Mythos era there are too many patches to handle. The biggest problem is knowing which of those vulnerabilities are exploitable and most urgently need patching.


Only 9% remediate critical vulnerabilities within 24 hours, while 74% take one to seven days. Patch time matters: organizations taking four or more days had a 97% incident rate, while those taking three or fewer had a 67% rate. The implication is that patching must get faster, exploitable vulnerabilities must be better understood, and preferably both.

It gets more complicated, and more urgent, at runtime, which the report describes as the breach battlefield. Most organizations only learn what happened by reconstructing the event after the fact. Most (73%) would adopt virtual patching if they had confidence that false positives would be minimal; but only 17% configure their WAFs for automatic blocking, with 56% citing a lack of application context as the reason.

Because of these runtime difficulties, 42% of the organizations intend to increase investment in runtime monitoring and protection over the next few years. But since prevention is always better than cure, the bulk of investment (52%) remains in pre-production controls such as CI/CD build protection.

The potential solutions are clear. Improved visibility into vulnerability exploitability together with better all-round contextual understanding of the application concerned – and its effect on business stability – would allow autonomous patching for many vulnerabilities and confidence in increased automated blocking.
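The runtime concern above is concrete: a virtual patch, or a WAF blocking rule, is only safe to enforce once its false-positive rate on real traffic is known, and the rate depends on how much application context the rule carries. The following is an added example, not code from the report or from Miggo, showing the usual practitioner workflow: run a candidate rule in detect-only mode over labelled traffic, measure true and false positives, and promote it to blocking only when the numbers allow. The endpoint, the parameter name and the request log are constructed for illustration; the "broad" rule inspects the whole query string, the "scoped" rule is limited to the one route and parameter that is actually vulnerable.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote_plus

# Constructed request log: (method, path, raw query string, attack label from later triage).
# The /api/reports/export "format" parameter is the hypothetical command-injection sink.
REQUESTS = [
    ("GET",  "/api/reports/export", "format=csv",                        False),
    ("GET",  "/api/reports/export", "format=csv;cat%20/etc/passwd",      True),
    ("GET",  "/api/reports/export", "format=$(id)",                      True),
    ("GET",  "/api/reports/export", "format=pdf&title=Q1%3B%20draft",    False),  # benign ';' in an unrelated field
    ("POST", "/api/comments",       "text=see%3B%20also%20%60notes%60",  False),  # benign ';' and backticks elsewhere
    ("GET",  "/api/health",         "",                                  False),
    ("GET",  "/api/reports/export", "format=%60uname%60",                True),
]

# Shell metacharacters typical of command injection payloads.
SHELL_META = re.compile(r"[;|`]|\$\(")


def query_params(query: str) -> dict:
    """Decode a query string into {name: [values]} without relying on parse_qs separator defaults."""
    params: dict = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params.setdefault(unquote_plus(key), []).append(unquote_plus(value))
    return params


@dataclass
class VirtualPatch:
    name: str
    pattern: re.Pattern
    path: Optional[str] = None    # application context: restrict to the vulnerable route
    param: Optional[str] = None   # ... and to the vulnerable parameter
    mode: str = "detect"          # "detect" = log only, "block" = deny the request

    def matches(self, method: str, path: str, query: str) -> bool:
        if self.path is not None and path != self.path:
            return False
        if self.param is not None:
            return any(self.pattern.search(v) for v in query_params(query).get(self.param, []))
        # No parameter context: inspect the whole decoded query string.
        return bool(self.pattern.search(unquote_plus(query)))


def broad_patch() -> VirtualPatch:
    """Signature-only rule with no application context (the kind 56% distrust)."""
    return VirtualPatch("broad-shell-meta", SHELL_META)


def scoped_patch() -> VirtualPatch:
    """Same signature, limited to the route and parameter known to be exploitable."""
    return VirtualPatch("scoped-shell-meta", SHELL_META, path="/api/reports/export", param="format")


def evaluate(patch: VirtualPatch, requests) -> tuple:
    """Run the rule in detect mode over labelled traffic; return (true pos, false pos, false neg)."""
    tp = fp = fn = 0
    for method, path, query, is_attack in requests:
        hit = patch.matches(method, path, query)
        if hit and is_attack:
            tp += 1
        elif hit and not is_attack:
            fp += 1
        elif not hit and is_attack:
            fn += 1
    return tp, fp, fn


def promote(patch: VirtualPatch, requests, max_fp: int = 0) -> str:
    """Switch to blocking only if observed false positives are within tolerance and no attack was missed."""
    _, fp, fn = evaluate(patch, requests)
    if fp <= max_fp and fn == 0:
        patch.mode = "block"
    return patch.mode


def decide(patch: VirtualPatch, method: str, path: str, query: str) -> str:
    """Per-request verdict: 'deny' in block mode, 'log' in detect mode, 'allow' when the rule does not match."""
    if not patch.matches(method, path, query):
        return "allow"
    return "deny" if patch.mode == "block" else "log"


if __name__ == "__main__":
    for p in (broad_patch(), scoped_patch()):
        tp, fp, fn = evaluate(p, REQUESTS)
        print(f"{p.name}: tp={tp} fp={fp} fn={fn} -> mode after review: {promote(p, REQUESTS)}")
```

The broad rule catches every attack but also flags two benign requests, so it stays in detect mode; the scoped rule has identical coverage with no false positives and is promoted to blocking. That difference is exactly the "application context" the survey respondents say they are missing.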

A separate FireMon Insights report, also published June 2, 2026, suggests that concern over automated firewall blocking is unsurprising but at least partly the result of inadequate human oversight. FireMon discusses firewalls in general, but the same principles apply to WAFs.

“Firewall complexity is no longer just an operational problem. It is a control problem,” says Jody Brazil, CEO at FireMon. “Security teams have massive investments in firewalls, cloud, and segmentation platforms, but without control of policy those environments become difficult to manage securely. The problem is no longer lack of tools. It is lack of operational control.”

The report concludes that manual policy management is inefficient and lets risk across the attack surface keep expanding, primarily because high-severity policy failures persist for extended periods and are compounded by unused and redundant rules.

FireMon attributes this to a failure of human management rather than of firewall capability. For example, 45% of firewall rules lack an owner or documentation, 17% are redundant or shadowed, and 69% are unused.
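The three failure classes FireMon counts above (unowned, redundant or shadowed, and unused rules) are all mechanically detectable from the rulebase and its hit counters. The following is an added example, not FireMon's code or tooling, that audits a small constructed ruleset for each class. A rule is "shadowed" when an earlier rule matches every packet it would match, so it can never fire; when both rules take the same action the later one is merely redundant, when they differ the later one is silently overridden, which is the dangerous case. The rules, owners and hit counts are invented for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    rid: str
    src: str            # source CIDR
    dst: str            # destination CIDR
    proto: str          # "tcp", "udp" or "any"
    ports: tuple        # inclusive destination port range; (0, 65535) for any
    action: str         # "allow" or "deny"
    owner: Optional[str] = None
    hits: int = 0       # counter reported by the firewall over the review window


# Constructed ruleset in first-match evaluation order (hypothetical; not from the FireMon report).
RULES = [
    Rule("r1", "10.0.0.0/8",     "10.20.0.10/32", "tcp", (443, 443),  "allow", owner="web-team", hits=12040),
    Rule("r2", "10.1.0.0/16",    "10.20.0.10/32", "tcp", (443, 443),  "allow", owner=None,       hits=0),
    Rule("r3", "0.0.0.0/0",      "10.20.0.0/24",  "tcp", (22, 22),    "deny",  owner="netsec",   hits=310),
    Rule("r4", "192.168.5.0/24", "10.20.0.0/24",  "tcp", (22, 22),    "allow", owner="ops",      hits=0),
    Rule("r5", "10.0.0.0/8",     "10.30.0.0/24",  "udp", (53, 53),    "allow", owner=None,       hits=0),
    Rule("r6", "10.0.0.0/8",     "10.40.0.0/24",  "any", (0, 65535),  "allow", owner="ops",      hits=87),
]


def _net(cidr: str):
    return ipaddress.ip_network(cidr, strict=False)


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by rule b is also matched by rule a."""
    return (
        _net(b.src).subnet_of(_net(a.src))
        and _net(b.dst).subnet_of(_net(a.dst))
        and (a.proto == "any" or a.proto == b.proto)
        and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1]
    )


def audit(rules) -> dict:
    """Classify rules as unowned, unused, or shadowed/redundant by an earlier rule."""
    unowned = [r.rid for r in rules if not r.owner]
    unused = [r.rid for r in rules if r.hits == 0]
    shadowed = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:          # only earlier rules can hide a later one
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                shadowed.append((later.rid, earlier.rid, kind))
                break
    return {"unowned": unowned, "unused": unused, "shadowed": shadowed}


def first_match(rules, src_ip: str, dst_ip: str, proto: str, port: int) -> tuple:
    """Simulate first-match evaluation; returns (rule id, action), with implicit default deny."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in _net(r.src) and d in _net(r.dst)
                and (r.proto == "any" or r.proto == proto)
                and r.ports[0] <= port <= r.ports[1]):
            return r.rid, r.action
    return None, "deny"


if __name__ == "__main__":
    report = audit(RULES)
    for category, items in report.items():
        print(f"{category}: {items}")
    # r4 is meant to allow SSH from 192.168.5.0/24, but r3 denies it first.
    print("SSH from 192.168.5.7 ->", first_match(RULES, "192.168.5.7", "10.20.0.5", "tcp", 22))
```

In this ruleset r2 is redundant (r1 already allows it) and r4 is shadowed with a conflicting action: whoever added it believes SSH from that subnet is permitted, but `first_match` shows r3 denies it first. Both rules also show zero hits, which is the usual tell; the owner field is what lets a reviewer decide whether r3 or r4 expresses the intended policy, and r2 and r5 have nobody to ask.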


While this points toward better use of firewalls, it does not discuss or explain the fear that contextually incorrect blocking rules might disrupt business operations, which lies at the heart of improving application security.

The two reports are, however, slightly at odds. The CSA report suggests the problem is a failure of security tools to provide the solutions really necessary, while the FireMon report suggests the tools exist, but are not being properly managed.


Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
