[DigitalToday reporter Hwang Chi-gyu] "In an era when AI automates the entire process of cyberattacks, corporate patch management systems also need a fundamental change."
Global endpoint security and IT operations management company Tanium Korea held a news conference on Monday on corporate security strategies in the post-Mythos era. It said patch management must be overhauled around AI-based automation as AI speeds up cyberattacks.
It said existing patch processes are not enough to handle such attack trends.
Kang Doo-won (강두원), a director at Tanium Korea, said attacks once required top security experts and specialized skills, but AI now handles the entire process from code analysis and vulnerability discovery to exploit code generation and deployment. He said it used to take 3 days from vulnerability disclosure to large-scale attacks, but it is now down to a few hours and, in the latest cases, about 30 minutes. He said defenders face a different reality because human decision-making is involved at every step, from identifying vulnerabilities and confirming the person in charge to surveying affected assets, requesting changes, approvals, applying patches and verifying results. Statistics show it takes an average of 60 to 150 days to process a single patch, he said. He stressed that responding to AI-driven security threats is not a technology issue but an operations process issue.
Tanium Korea also laid out the costs caused by patch delays. The average cost to handle a single security incident is about 4.83 billion won, and losses can be larger if it leads to service outages.
Kang said simply increasing speed is not the answer. He said a speed-only approach makes it hard to verify patch stability, can increase asset risk and also makes regulatory compliance more difficult. Adding more people does not increase speed proportionally, he said. He offered "policy-led automation" as an alternative. People design policies, and systems execute them and verify results in real time, he said. He said human intervention not only slows processes but also makes patch rates vary depending on the person in charge. Systems must operate consistently based on clear standards, he said.
Tanium provides what it calls Autonomous Patch Management, or APM, to help companies automate patch management.
APM has three pillars: real-time visibility, policy-based autonomous execution, and verification and continuity. On real-time visibility, Kang said APM automatically assesses risk by combining factors including internet exposure, asset criticality, whether vulnerabilities are being exploited, Common Vulnerability Scoring System (CVSS) ratings and patch file reliability.
On policy-based autonomous execution, he said the system executes patches based on predefined policy standards rather than having a person push a button. On verification and continuity, he said it checks not only whether patching is complete but also whether the threat has been removed in the real environment. What matters is not whether a patch was applied but whether the threat has disappeared from the environment, he said.
Kim Do-hyun (김도현), a director at Tanium Korea, summarized security environment changes in three stages: pre-Mythos, current and post-Mythos. He said before Mythos, experts typically found vulnerabilities directly and distributed patches monthly or quarterly. Now, as AI detects vulnerabilities without limit, software providers are asking Anthropic to slow the pace of vulnerability disclosures. He said the post-Mythos era is expected to see other AI models beyond Mythos similarly finding vulnerabilities and using them for attacks.
Kim said an era is coming when hundreds of vulnerabilities are announced and hundreds of patches are released each day. He said attackers exploit the time gap between vulnerability announcements and patches, making it crucial to narrow that interval. From a corporate perspective, there is no practical alternative to patch automation and real-time distribution, he said. Changing internal architecture and establishing governance are the most urgent tasks right now, he said.
Beyond APM, Tanium is also strengthening its security product portfolio targeting AI. Tanium Ask, launched late last year, is Tanium's first agentic AI product and carries out actual actions rather than just providing answers to questions.
Park Young-sun (박영선), head of Tanium Korea, cited the 2021 Log4j incident. She said it took companies at the time more than 3 weeks just to identify where Log4j was hidden in their environments. Using Tanium Ask, companies can enter a vulnerability-related question and immediately see affected assets in real time, and then execute actions such as applying patches or blocking remote calls, she said.
Tanium also introduced Tanium Valiant Spotlight, a shadow AI management solution, in March this year. It detects and manages shadow AI, meaning AI used unofficially by employees inside a company.
Park said content uploaded to external AI services cannot be retrieved. She said that, as things stand, it is impossible to determine which employee is using which AI within a company. Valiant Spotlight finds and manages hidden AI usage within a company in real time, she said.
Tanium has also recently unveiled its autonomous operations agent, Tanium Atlas.
Tanium Atlas was in private preview through last month and has recently shifted to a public beta.
The company said Atlas consists of three elements: Intent Outcome, Ambient AI and multi-model.
Intent Outcome centers on the system executing tasks on its own once a user inputs an intent. Park said if a user inputs instructions such as isolating endpoints without patches by this weekend and then releasing them once patched and verified, Atlas autonomously handles everything from investigating vulnerable assets to distributing patches, verification and ending isolation.
Ambient AI lets the system detect anomalies and send alerts before users ask.
Multi-model integrates multiple AI models, including ChatGPT, Claude and Gemini, to provide suitable answers. Park said this is an era in which information heard yesterday becomes outdated today, and that corporate IT operations paradigms must also change to match the speed of AI-driven attack automation.