NEXT STEP DESK

AI models will soon discover and exploit software vulnerabilities much faster, according to a new security guide from Anthropic, the maker of Claude. To prepare, the company says organisations should close their patch gap immediately, treating CISA’s known exploited vulnerabilities as emergencies and patching internet-facing systems within 24 hours. Security teams should expect a sharp rise in vulnerability reports and automate triage with human oversight.

Companies should also find bugs before shipping code using static analysis and AI-assisted reviews, prefer memory-safe languages, and scan existing codebases with the same models attackers would use. Zero-trust architecture is essential: tie access to verified hardware, replace long-lived secrets with short-lived tokens, and isolate services by identity.

Incident response times must also shorten. Anthropic suggests putting a model at the front of alert queues and running tabletops for five simultaneous incidents. Small teams should turn on automatic updates, use managed services, enable passkeys, and activate free security tooling on code hosts.