AI Ends Corporate Excuses for Software Vulnerabilities

Dominic Jainy stands at the forefront of the intersection between artificial intelligence and digital infrastructure. As an IT professional with deep roots in machine learning and blockchain, he has watched the cybersecurity landscape shift from manual patch management to the era of automated, frontier-level defense. With the European Union’s Cyber Resilience Act looming and new AI models capable of rewriting code in real time, Dominic offers a critical perspective on how organizations must adapt to a world where software vulnerabilities are no longer an excuse, but a liability. Our discussion delves into the transition toward security-by-design, the massive investments being poured into specialized foundational models, and the urgent need for a coherent AI strategy to survive the next two years of evolving threats.

With frontier AI models now capable of identifying and patching software glitches at scale, how should development teams restructure their internal workflows? What specific metrics should they track to ensure these automated fixes don’t introduce new regressions or “shadow IT” complexities?

The arrival of models like Claude Mythos and GPT5.5-Cyber has fundamentally stripped away the “ignorance defense” for software vendors. Development teams must move away from reactive patching and instead integrate these frontier models directly into the CI/CD pipeline to identify glitches at an unprecedented speed. It is no longer enough to run a weekly scan; the workflow must be a continuous loop where AI-generated fixes are verified by automated regression suites before a human even sees the ticket. To manage this without spiraling into “shadow IT” chaos, teams need to track the “uniformity of assurance” across all products, ensuring that every piece of code meets the same rigorous standard. We must also measure the delta between vulnerability discovery and automated resolution, as the goal is now near-instantaneous remediation that leaves no window for adversary misuse.

Compliance deadlines for the Cyber Resilience Act are approaching, with reporting mandates starting in late 2026. How can companies transition toward “security by design” to avoid future litigation risks? What step-by-step measures ensure that these security defaults become a core part of your business model?

Adopting “security by design” is effectively your license to do business in the modern market, especially with the September 11, 2026, reporting deadline fast approaching. Companies need to start by auditing their current software architecture to ensure that cybersecurity defaults are baked into the product from the first line of code, rather than added as a peripheral layer. This transition requires a phased approach: first, establishing a transparent reporting structure for vulnerabilities, followed by full compliance with the CRA’s main obligations by December 11, 2027. If you aren’t using AI to proactively hunt for these flaws now, you are essentially waiting to be litigated because the legal expectation is that you should have seen the problem coming. It is a high-stakes shift that turns security from a technical checkbox into a foundational element of corporate governance.

Adversaries are increasingly using specialized AI to exploit poorly coded systems before traditional patches are even deployed. How can vendors utilize a layered AI stack to create more uniform software assurance? Could you share an anecdote regarding how these automated defenses handle sophisticated, multi-layered attacks?

A layered AI stack acts as a multi-tiered safety net, ensuring that even if one vulnerability exists, it doesn’t lead to a total compromise. By using specialized AI to drive vulnerabilities out of products during the development phase, vendors can achieve a level of uniform software assurance that was previously impossible with manual reviews. I recall a scenario where a system was hit by a multi-layered attack targeting a legacy glitch; while the primary defense was bypassed, the secondary AI layer detected the anomalous behavior and isolated the affected segment within milliseconds. This type of sophisticated response proves that a coherent AI strategy is the only way to stay successful over the next year or two. Without that layered defense, a single poorly coded system becomes an open door for any adversary with a basic AI toolkit.

Large-scale investments are currently targeting the development of cybersecurity-first foundational models and next-generation Security Operations Centers (SOCs). What are the practical challenges of training these specialized models? How do these foundational tools differ from general-purpose AI when protecting high-stakes enterprise environments?

The €40m investment recently announced by firms like ESET highlights the massive shift toward cybersecurity-first foundational models that are purpose-built for the SOC of the future. The primary challenge in training these specialized tools is the need for high-fidelity, domain-specific data that goes far beyond what general-purpose AI typically encounters. Unlike a generic chatbot, a cybersecurity foundational model must understand the nuance of exploit chains and the subtle signatures of stealthy exfiltration. These models are designed to be more resilient and less prone to the “hallucinations” that plague general AI, providing a dependable backbone for high-stakes enterprise environments. They act as a dedicated expert rather than a generalist, focusing entirely on the speed and scale of defense in an increasingly hostile digital climate.

What is your forecast for AI-driven software security?

We are moving toward an era of “autonomous resilience” where the window between a vulnerability’s creation and its remediation shrinks to zero. In the next few years, I expect to see a total convergence of development and security, where AI models like GPT5.5-Cyber don’t just find bugs, but actively prevent them from being written in the first place. The cost of failure will rise sharply as the EU’s reporting mandates take hold, forcing every serious vendor to adopt a layered AI stack or face obsolescence. Ultimately, software will become “self-healing,” and the companies that thrive will be those that viewed AI not as a luxury tool, but as a mandatory component of their business license. It is a future where the adversary’s advantage is neutralized by a defense that is as fast, creative, and scalable as the threats it faces.
