How Can UK Businesses Surpass AI-Driven Cyber Threats?

Dominic Jainy is a distinguished IT professional who has spent years at the intersection of artificial intelligence, machine learning, and blockchain technology. With a deep commitment to understanding how emerging technologies reshape industrial landscapes, Jainy has become a leading voice on the implications of frontier AI for national and corporate security. In light of recent warnings from the UK government regarding the rapid evolution of autonomous cyber threats, he provides a critical perspective on how organizations can navigate a world where software vulnerabilities are discovered and exploited in mere seconds. This conversation explores the shifting tides of digital defense, the necessity of executive-level accountability, and the practical steps businesses must take to remain resilient in the face of unprecedented technological acceleration.

Frontier AI capabilities are now doubling every four months, significantly outpacing previous growth rates. How should organizations adjust their long-term security roadmaps to handle this acceleration, and what specific metrics should leaders track to ensure their defenses remain relevant against such rapidly evolving offensive tools?

The acceleration we are witnessing is staggering, as the doubling rate for AI capabilities has compressed from eight months down to just four months. This shift effectively renders traditional three-year or five-year technology roadmaps obsolete, as the tools available to attackers will likely undergo nine generations of evolution within a single three-year cycle. Organizations must transition to a “continuous defense” model, where security strategies are reviewed quarterly rather than annually to keep pace with the UK’s AI Security Institute findings. Leaders need to move away from static metrics and instead track the “mean time to remediate” versus the “mean time to exploit” by autonomous agents. If your internal teams take weeks to patch a vulnerability that an AI model can exploit in minutes, the roadmap is fundamentally broken and requires an immediate infusion of automated response tools.

New experimental models like Mythos can autonomously discover software vulnerabilities and write exploit code at a speed and scale previously impossible. What immediate steps should companies take to protect their legacy systems, and how does this change the traditional approach to manual patch management?

The emergence of models like Anthropic’s Mythos signifies a paradigm shift because it automates what used to be rare, highly specialized criminal expertise. For legacy systems, which were often built without the foresight of autonomous threats, the immediate priority must be aggressive network segmentation and the implementation of robust “virtual patching” via web application firewalls. We have to recognize that manual patch management is no longer a viable primary defense when AI can scan and exploit a codebase at a scale that was impossible even twelve months ago. Companies must adopt AI-driven scanning tools that “think” like Mythos to find their own holes before an external actor does. This requires a cultural shift where security is viewed as a live, breathing process of constant discovery rather than a monthly checklist of software updates.

Cyber risk is shifting from a technical IT concern to a core boardroom responsibility that requires regular executive oversight. How can leadership teams effectively integrate the Cyber Governance Code of Practice into their operations, and what are the practical challenges when moving security discussions to the executive level?

As the technology secretary Liz Kendall recently emphasized, cyber security is no longer an “optional extra” but an essential component of running a modern, successful company. To effectively integrate the Cyber Governance Code of Practice, boards must stop treating security as a siloed IT issue and start treating it as a standard business risk, similar to financial or legal liability. The primary challenge is the language gap; executives often struggle to translate technical vulnerabilities into the language of business impact and operational downtime. To bridge this, leadership teams should appoint a dedicated board member responsible for cyber resilience who can facilitate regular, high-level discussions on threat landscapes. This ensures that when new models like Mythos debut, the board is already prepared with a strategic response rather than reacting in a state of panic when a breach occurs.

Attackers are increasingly targeting smaller businesses where defenses are often weaker than those found in critical infrastructure. For firms with limited budgets, what is the most effective way to utilize tools like the Cyber Essentials certification or early warning services to build a baseline of resilience?

It is a harsh reality that attackers gravitate toward where defenses are weakest, which often puts small and medium-sized enterprises directly in the crosshairs. For firms operating on a tight budget, the Cyber Essentials certification is the single most cost-effective way to establish a foundational security posture that deters the majority of automated attacks. Utilizing the NCSC’s Early Warning service is another critical, low-cost step that provides businesses with notifications about potential incidents affecting their networks before they escalate into full-blown crises. Smaller firms should also leverage the Cyber Action Toolkit, which provides a structured approach to building resilience without the need for an expensive, full-time security staff. By focusing on these high-impact, government-backed resources, small businesses can create a formidable “digital moat” that protects them from being easy prey for sophisticated AI tools.

Advanced technology groups are now providing select companies with early access to vulnerability data through initiatives like Project Glasswing. How should a business structure its incident response rehearsals to account for these “head start” programs, and what role does cyber insurance play in a modern mitigation strategy?

Initiatives like Project Glasswing are designed to give technology leaders a vital head start, but that advantage is wasted if the organization’s incident response plan is rigid or slow. Rehearsals must be updated to include “rapid disclosure” scenarios, where the team is forced to act on vulnerability data that might only be hours old, simulating the speed of frontier AI models. Cyber insurance has evolved from a simple safety net into a proactive driver of better security standards, as insurers often require proof of robust policies and regular rehearsals before granting coverage. Businesses should view their insurance providers as partners in risk management, utilizing the data and forensics services they offer to refine their mitigation strategies. When an insurance policy is paired with early-access data, a company transforms its defense from a reactive posture into a predictive one, significantly lowering the potential for catastrophic loss.

What is your forecast for AI-driven cyber security?

I anticipate that we are entering an era of “autonomous friction,” where AI-driven defenders and AI-driven attackers will be locked in a constant, high-speed arms race that operates largely beyond human intervention speeds. Within the next year, we will see the widespread adoption of self-healing networks that can identify and close vulnerabilities in real-time as they are discovered by models like Mythos. However, the gap between the “cyber-haves” and “cyber-have-nots” will widen significantly, as those who do not invest in AI-augmented defenses will find themselves completely defenseless against the sheer volume of automated exploits. Ultimately, the most successful organizations will be those that integrate AI into every layer of their security stack, moving away from human-led monitoring toward a model of human-supervised autonomous defense. This shift will make traditional hacking much more difficult, but it will also raise the stakes for any minor oversight, as even a small window of vulnerability can be exploited instantly by the next generation of frontier models.
