[DigitalToday reporter Chi-gyu Hwang (황치규)] As concern spreads over cyberattacks that abuse advanced AI models, calls are growing for companies to change the priorities of their security strategies.

According to the related industry, as AI makes it possible to find software vulnerabilities faster, zero-trust security strategies are becoming more important. The focus is on minimising the time vulnerabilities are left exposed without defence and on preventing spread even if an attack occurs.

Anthropic, which has emerged as an issue-maker in the security field with its AI model Mythos, stresses the need to create processes to manage vulnerabilities found at scale by AI models. In a report summarising results from companies that used Mythos for security for one month, Anthropic said, "Advances in software security used to be about how quickly new vulnerabilities are found, but now depend on how quickly AI-discovered vulnerabilities are verified, disclosed and patched."

ㆍAnthropic releases Mythos one-month results: "Need a full overhaul of patch processes"

Security company Cloudflare warned that as AI finds vulnerabilities quickly, "many security teams set a goal of patching within 2 hours after vulnerability disclosure, and that can be risky if you only look at speed." It added, "Skipping regression testing can create problems more serious than the original bug." It said architecture that makes it hard for attackers to exploit a bug matters more than speed.

ㆍCloudflare talks about the power and limits of Anthropic's Mythos

Governments are also showing more interest in AI model-based security. South Korea will participate in a cybersecurity council operated by OpenAI. It is the first case in Asia along with Japan. OpenAI confirmed South Korea and Japan at the same time as Asia's first partners for its Government Trusted Access for Cyber, or GTAC, programme. It is the third globally after the United States and Canada. OpenAI says it will open its cybersecurity programme to more countries and institutions than Anthropic.

ㆍGovernment joins OpenAI's GTAC, first in Asia along with Japan ㆍOpenAI CSO: "GTAC is broader than Anthropic Glasswing"; South Korea and Japan confirmed as partners simultaneously

It also summarised moves and issues surrounding security by companies at home and abroad.

Hanssak will strengthen its "integrated security model" as it aims to shift to AI and the National Network Security Framework, or N2SF. Hanssak Group plans to provide a full-stack integrated security system encompassing AI and cloud infrastructure, virtual work environments, security solutions, and operations and management services.

CryptoLab held a joint research and development agreement ceremony with KT and will develop a medical-specialised multi-modal agentic AI solution technology based on AI security technology. Clucus, a cloud specialist focused on data and AI, will provide Korean companies with an AI-based SOC operating model to advance cloud security operations after forming a partnership with AI SOC platform company Panther.

HancomWith launched "Hancom xCAuth," an authentication solution that verifies risk by analysing context information such as user behaviour, environment and devices in real time based on AI. Genians will enter the quantum security market in earnest as part of its Zero Trust 3.0 strategy. Genians plans to secure independent quantum security technology capable of competing with global top-tier players and to gain strong dominance in the quantum security market in the future.

ㆍHanssak unveils integrated security model targeting AI and N2SF ㆍCryptoLab cooperates with KT to co-develop medical insurance review automation solution with "encrypted AI" ㆍClucus partners with global security firm Panther to expand AI SOC platform in South Korea ㆍHancomWith unveils zero-trust authentication solution "Hancom xCAuth" ㆍGenians enters quantum security market in earnest, grows "new growth engine"

IBM and its subsidiary Red Hat will invest 5 billion dollars to secure the open-source software supply chain and launch "Project Lightwell."

ㆍIBM-Red Hat to invest 5 billion dollars in open-source supply chain security, launch "Project Lightwell"

Enterprise identity security company SailPoint will introduce a new connector that integrates with Anthropic's Claude Enterprise Compliance API. The SailPoint Claude Compliance API connector provides visibility and governance so companies using Claude Enterprise can securely manage access to and use of AI platforms. Zscaler will acquire enterprise data asset monitoring startup Symmetry Systems. Zscaler plans to integrate Symmetry Systems' AI agent governance functions into its Zero Trust Exchange product. It aims to automatically adjust security controls using AI agent activity data collected by Symmetry Systems.

ㆍSailPoint adds new integration with Claude Compliance API to support enterprise AI governance ㆍZscaler acquires Symmetry Systems to target AI agent security

AI-based email security startup Ocean emerged from stealth mode and raised 28 million dollars. Ocean developed a platform in which specialised AI agents inspect each inbound email. Its platform detects threats by having AI agents assess sender intent, understand conversation context and review evidence from conversation history.

ㆍAI email security startup Ocean emerges from stealth mode, raises 28 million dollars

Cisco shared results from an experiment using AI to write reports for security incident response drills. It concluded that time is saved but risks are also high.

ㆍCisco tried writing security incident reports with LLMs: "Time cut, but hallucination risk remains"

Hiring of cybersecurity professionals is increasing as AI spreads. Some headhunting firms say demand for cybersecurity talent is so high that they are turning down client requests because they cannot find qualified candidates.

ㆍHiring surge in cybersecurity experts after FDE: "No people even if we want to hire"

The National AI Strategy Committee, the Ministry of Science and ICT, the National Intelligence Service and the Korea Internet & Security Agency, or KISA, will push a pilot project for a "vulnerability always-on reporting and action system" to build a safe and transparent security ecosystem.

ㆍWhite hackers to find vulnerabilities 24 hours a day; government to run pilot for always-on reporting and action system