How Searchlight Cyber is using frontier models to accelerate vulnerability research, and why context and experienced researchers matter even more in the age of AI.
AI Frontier Models and the Future of Vulnerability Research
With the introduction of Mythos and other frontier AI models, there has been a flood of media coverage and hype about what these technologies could mean for the security industry. This has left many organizations trying to understand what it means for them and how they can best prepare for the impact of these models.
Over the last year, we have seen the vulnerability research industry pushed forward by new capabilities that frontier AI models have brought to bear. With models such as Opus 4.6, and later GPT 5.5, the research community has used these tools effectively to identify zero-day vulnerabilities in software. In particular, they have dramatically accelerated the speed at which these vulnerabilities are found.
Even though these new capabilities are well understood by security researchers, there is still a gap between understanding the models themselves and practically applying them to secure enterprise attack surfaces in the broader security community.
When AI Creates Noise Instead of Signal
We see these models as enablers for what our teams already do, allowing us to push into new areas and identify more issues, faster.
While we see these models as accelerants for our work, we have also seen how using them in isolation and without proper context can create a lot of noise and reduce focus for security teams. In the last year, bug bounty and vulnerability disclosure programs have been flooded with low-impact AI-generated findings, prompting a number of organizations and open-source projects to stop accepting AI-generated reports altogether.
This is largely due to the high volume and low quality of many of these findings. Many reports falsely categorize the severity and impact of issues, generating excessive noise for response teams that are already struggling to focus on the security problems that actually matter.
In some cases, frontier models have generated entire vulnerability chains that simply do not exist. Even skilled operators can be tricked into spending several hours investigating an exploit chain that will never work in practice.
More than ever, the world needs skilled security researchers who can use AI effectively with the right context, so that the acceleration from these models can be fully realized.
We believe these models should elevate our thinking, not replace it. That’s one of the reasons we have been intentional about focusing on outcomes rather than marketing slogans about being “AI enabled”. We care less about the buzzword and more about whether our use of AI leads to better protection for our customers.
Inside Searchlight Cyber’s AI‑Accelerated Security Research
For background, the Searchlight Cyber Security Research team has been using frontier AI models in production security research for over a year, with privileged access to these models from Anthropic and OpenAI specifically for security research.
We have used these capabilities to accelerate the discovery of critical zero-day vulnerabilities in widely deployed enterprise software, and we are extending the same capabilities across our platform’s detection, API security, agentic interfaces, threat intelligence, and engineering workflows.
Customers are already benefiting from this in multiple ways: faster discovery of issues that matter, broader detection coverage, earlier visibility of emerging threats, and a platform that continues to evolve at the pace of the threat landscape.
Historically, our research teams performed their work through manual investigation and close interrogation of source code. Now they can leverage these models in a highly targeted way, allowing them to perform deeper analysis across much larger datasets and codebases.
Tasks that previously took days of focused human review can now be staged and parallelized across model-assisted analysis, with researchers focusing their judgment and intuition on the areas that matter most. Several recent critical-severity disclosures to vendors including Oracle, ServiceNow, and Adobe were accelerated by having frontier models in the loop.
The recent ServiceNow remote code execution chain is a good example. If exploited, this issue would have enabled full compromise of any internet-facing ServiceNow instance and pivoting into internal networks via MID servers. This is the depth of research our team routinely produces, and it has significantly more practical impact on enterprise environments than many of the findings publicly attributed to AI-only research efforts to date.
We have not only used these models to identify new issues but also to speed up the creation of custom mitigations that our customers can use to protect themselves well ahead of public fixes or mass exploitation.
How Elite Researchers Really Use Models Like Mythos
If we look at recent coverage, there has been a lot of focus on vulnerabilities “discovered by AI”. However, most of these articles fail to explain the prompts and direction provided by experienced researchers behind the scenes.
These vulnerabilities were not discovered by someone simply prompting, “go find a vulnerability in X software.” As mentioned earlier, we have seen that running such models against large attack surfaces without context, instinct, or understanding is an endeavor that leads to significant token burn and high costs without meaningful outcomes.
That said, there has been some excellent work by other teams that shows what is possible. For example, the CTO of Mozilla wrote about testing Claude Mythos on a not-yet-released version of their browser. Mozilla has an experienced security research and red team that would previously have performed this testing manually. By leveraging the new model, they were able to identify a number of new vulnerabilities.
Once again, this is targeted work by an elite research team, not a casual experiment. The CTO of Mozilla, while impressed, still noted:
“Encouragingly, we also haven’t seen any bugs that couldn’t have been found by an elite human researcher. Some commentators predict that future AI models will unearth entirely new forms of vulnerabilities that defy our current comprehension, but we don’t think so.”
Mozilla has an elite research team because they are developing a browser that is critical to millions of users and many organizations.
Some of our customers do not have their own red teams, pen testers, or research teams. Even when they do, those teams are often focused on internally developed systems rather than the wider ecosystem of enterprise software.
This is where partnering with an organization that has its own elite research capability becomes crucial. It allows organizations to benefit from these advances without having to build that research capability in-house.
Where Attack Surface Management Fits
We see these models as enabling us to continue executing on our vision for attack surface management, which has always been centered on speed, signal, and context – and underpinned by deep technical security research.
A frontier model on its own is not particularly helpful, nor is a single piece of research in isolation. What turns this into a real defensive capability is the ability to tie everything together: the layer that knows what you own, what has changed, what is exposed, what is exploitable, and what to do about it.
This is where Searchlight Cyber’s platform is uniquely positioned to take advantage of the speed and scale offered by these models.
Why Legacy ASM Tools Can’t Keep Up
As we think about the next evolution of this space, and how AI can help us continue to push the envelope, it is worth reviewing the current state of the wider market.
Our Assetnote team were the original pioneers of the ASM space and coined the term “Attack Surface Management” back in 2019. However, the broader market, and the expectation of what is defined as ASM today, is very different from their original vision and from what our platform has provided since.
Most other tools do not put significant focus or investment into security research, speed, or signal. They are primarily focused on the discovery and mapping elements of ASM. While discovery is an important foundation, it only tells you what is out there. It does not tell you where to focus or which security issues are the real priorities you should act on.
Our belief has always been that discovery is not the end goal. The outcome you want is to identify which assets and exposures pose real security risk to the organization.
To do that, simply discovering a list of assets is not enough. You need to understand what is running on them at any given time, how they connect to internal systems, where they sit in the organization, and how they intersect with emerging threats.
The modern attack surface is constantly changing and evolving, and assets need to be continuously monitored for changes and tested for exploitable issues that have real-world impact.
Given the high rate of change, high-frequency monitoring and updates are essential. As new assets are exposed to the internet, they should be tested for security issues immediately so that risks are identified by the organization rather than by an attentive attacker.
The fastest we have seen any other tool operate is daily, which is significantly slower than the hourly monitoring that underpins our platform. That daily cadence leaves a huge gap for the other 23 hours each day while the attack surface changes.
If other tools cannot keep up with today’s rate of change, how can we expect them to fully take advantage of new AI models and genuinely help customers stay at the forefront of defense?
Preemptive Threat Exposure Management
With the speed and context that our platform is known for, the introduction of frontier models only helps us move even faster.
While ASM remains a key use case of our platform, many customers have highlighted that Searchlight goes so much further and enables them to preemptively respond to new threats and issues.
Through early access to zero-day research, exploit intelligence, and custom mitigations, customers can protect themselves well before public patches, fixes, or mass exploitation.
A better way to characterize the next evolution of our platform is Preemptive Threat Exposure Management. This more accurately represents the outcomes our customers achieve, and better embodies our original vision as we continue to build for the future.
What This Means for Security Teams
The introduction of cybersecurity-specialized frontier models is a positive development for defenders when used in the right context. Searchlight customers are already benefiting from this today through our unified platform and will continue to benefit from the increased speed of research and development.
Over the last seven and a half years, our team has built one of the most efficient, scalable, and reliable scanning engines in the industry, one that is able to identify vulnerabilities rapidly across hundreds of thousands or even millions of assets, on an hourly cycle.
Even before AI, no other platform came close to this combination of speed, scale, responsiveness, and depth of research when it comes to detecting the newest zero-days, N-days, or other issues being actively exploited.
Our existing capabilities, combined with privileged access to frontier models and an experienced research team, have allowed us and our customers to stay ahead of the curve as the threat landscape continues to evolve.