Gartner Security Summit: Analysts Urge CISOs to Calmly Assess AI Security Risks
2026-06-15 14:44

en.Wedoany.com Reported - At the recent Gartner Security & Risk Management Summit, multiple analysts advised Chief Information Security Officers that the most important task in the age of AI is to remain calm and prudently assess their organization's risk exposure. Gartner VP Analyst Katell Thielemann, in a session discussing the impact of AI on the security of cyber-physical systems such as industrial control systems, directly stated: "Don't panic."

Thielemann noted that while change is rapid, there is some low-hanging fruit to address, such as disconnecting critical equipment from the internet and monitoring remote access to the remaining infrastructure. New AI models like Anthropic's Claude Mythos and OpenAI's Daybreak can discover software vulnerabilities at unprecedented speeds, unsettling cybersecurity leaders. Technology vendors and consulting firms have responded quickly, but sometimes offer unnecessary or even counterproductive advice. Experts are calling on CISOs to return to basics rather than chase hype.

Gartner VP Analyst Dennis Xu stated in another session that Mythos and Daybreak have changed the speed and volume of attacks. Attackers will strike faster, and the number of attacks will be higher over the next 12 months. However, CISOs need to remember two things: stay calm and enhance communication. Security leaders should view the new threat landscape as an opportunity to secure larger budgets. Despite the increase in speed and volume, an enterprise's defense priorities should remain largely unchanged, with the focus still on managing asset exposure and deploying patches for the most critical systems.

Xu asked the audience how many had defined their enterprise's "minimum viable operation"—the core systems and processes—and very few raised their hands. He advised companies to focus on this task, using it as a common language to build consensus among stakeholders on where to prioritize investments in cybersecurity resilience. Analysts emphasized that business leaders must recognize the actual effects of AI and what it has and has not yet achieved. AI companies are pushing enterprises to purchase expensive tool subscriptions, but many tools consume a large number of tokens without delivering significant results.

Gartner VP Analyst Bart Willemsen pointed out that security leaders feel under-resourced because budgets are flowing to generative AI platforms, which have shifted from being nearly free to charging per user or per token. He warned against replacing experienced employees with AI models, as once these employees are lost, they will be difficult to recover. Another session also focused on the risks of neglecting workforce development. Gartner Director Analyst Alex Michaels stated that AI ambitions have encountered a talent pool not yet ready for rapid AI adoption, and enterprises must continuously invest in human skills, or risk undermining the potential of the next generation of security operations center talent.

In a session focused on cyber-physical systems, Thielemann advised critical infrastructure operators to focus on cyber hygiene fundamentals, such as network segmentation and access control, rather than worrying about severe AI attacks that may not materialize for years. She noted that while AI is knocking at the door, the nightmare scenario has not yet occurred. Anthropic invited equipment vendors and critical infrastructure operators to join the Claude Mythos preview program, but so far, no industrial control system manufacturer has publicly participated. Thielemann stated that without more information, one should not readily believe that AI entering manufacturing will trigger a disaster.

This article is compiled by Wedoany.