Though it may seem counterintuitive, the best way to prepare for the impeding flood of AI-empowered cyber attacks is to double down on the fundamentals of cybersecurity.
It’s no secret that AI has become the buzzword du jour. And for good reason — frontier AI models are pushing the boundaries of what we thought possible just a few short years ago.
But at the same time, many cybersecurity vendors are “AI-washing” their products, stuffing AI into their marketing in ways that are neither technically accurate nor intellectually honest. Slap “AI-powered” on a feature that amounts to a rules engine with a language model on top, and suddenly you’re an AI company. The industry deserves better than that.
SixMap, like every innovative technology company, is rapidly adopting AI — both in our internal processes and in the capabilities we deliver to customers. AI helps us build the product, and we have AI capabilities that deliver meaningful value to customers. But at some point in the not-too-distant future, every cybersecurity vendor will be an “AI cyber” company by default, and so we have no plans to call ourselves one today.
What we are focused on is helping customers prepare for what’s actually coming. The release of Claude Mythos Preview and Project Glasswing earlier this month made one thing clear: AI is about to compress the timeline between vulnerability discovery and weaponization from weeks to minutes. The organizations that handle that transition well will be the ones with the fundamentals in place — accurate asset inventories, rigorous vulnerability management, and agile remediation programs. SixMap exists to give organizations exactly those capabilities so they can defend against AI-empowered adversaries.
This post provides a holistic overview of the cyber AI landscape, describes how SixMap is using AI to accelerate our development cycles, and walks through the AI-powered features we’re deploying in the SixMap platform.
A Brief Overview of the Cyber AI Landscape
Broadly speaking, the security community is still developing a useful vernacular for talking about AI in security. Phrases like “AI security” or “securing AI” lack precision and could mean very different things to different people. New categories and terminology are starting to emerge, but it’s yet to be seen which ones will gain mass adoption.
While the exact language is still being sorted out, two clear directions are taking shape: using AI to perform cybersecurity tasks, and securing enterprise use of AI across the organization.
Using AI to Perform Cybersecurity Tasks
This first market segment is really several use cases rolled into one: deploying AI agents to complete security tasks faster, at greater scale, and with limited human involvement.
Security Operations. AI in the SOC is one of the most promising near-term applications. This includes triaging alerts, distinguishing noise from true positives, learning from those findings, rewriting alerting rules to improve fidelity, and continuing to refine the process over time. False positives get weeded out. Basic remediation actions — such as isolating a potentially infected host or locking a user account after ten failed login attempts in a minute — can be handled autonomously. Higher-criticality incidents get escalated, and humans take over when a real attack is in motion. Using AI to process thousands of alerts per hour frees up security personnel to focus on more meaningful work.
Penetration Testing. This is exactly what it sounds like: using AI agents to attempt to breach specific systems and applications in order to identify where security controls are failing or absent entirely. This includes network-layer tests like brute-forcing SSH or RDP ports and running exploits against vulnerable services, as well as application-layer tests such as SQL injection, path traversal, and cross-site scripting. AI agents can test continuously and produce follow-up reports without requiring anything other than tokens — a meaningful change in the economics of offensive security testing.
Vulnerability Management. AI is being applied to finding vulnerabilities in software products, triaging findings to understand the risk profile of each one, and — increasingly — helping remediate them. This is where Mythos has captured public attention: the model reportedly identified thousands of zero-days across major operating systems and browsers in a matter of weeks.
It’s worth being precise about AI vulnerability discovery capabilities. Models like Mythos are trained on human-generated knowledge, which means they excel at finding the vulnerability classes that humans have already documented extensively: memory corruption, use-after-free bugs, buffer overflows, injection, cross-site scripting, and the rest of the well-known catalog. Frontier AI models apply known patterns at superhuman speed and scale across far more code than any human team could review or test. That’s enormously valuable, but it’s not a novel vector that the cyber community is unfamiliar with.
The remediation use case is still maturing. Updating a specific piece of software to the latest version has the potential to break compatibility with other services, which could disrupt a production system. While AI-driven remediation may not be fully production-ready today, it’s not far off, and it will help organizations work through the tidal wave of new vulnerabilities reported each month.
Application Security. AppSec is distinct from vulnerability management, which typically focuses on the third-party software an enterprise consumes. AppSec focuses on hardening the software that the enterprise itself develops and ships to customers. This includes source code reviews — Static Application Security Testing (SAST) and Software Composition Analysis (SCA) — as well as Dynamic Application Security Testing (DAST), which surfaces vulnerabilities in running applications. AI is highly effective in both: thoroughly reviewing source code far faster than a human reviewer, and orchestrating DAST workflows that combine multiple automated tools into rigorous, low-touch testing. SAST and DAST vendors are already incorporating AI into their offerings to meaningful effect.
Securing Enterprise Use of AI
The second direction is the mirror image of the first. Enterprises across all industries — technology, healthcare, retail, manufacturing, government — are adopting AI tools at a rapid pace. Executives fear missing out on productivity gains, so the tools are being deployed broadly across operations, R&D, finance, HR, marketing, sales, IT, and engineering.
The problem is that adoption is outpacing the security guardrails meant to ensure safe usage. Security leaders have little to no visibility into who is using AI, how they’re using it, and what information is being shared with LLMs. Consider a common scenario: someone needs to analyze a large spreadsheet. Rather than building filters and creating pivot tables, an employee uploads the file to an LLM and starts prompting. It’s faster — until you realize that the CSV contains customer credit card details protected by PCI-DSS, or patient health data regulated by HIPAA. Now there’s a serious compliance problem. Several cybersecurity vendors are working on this challenge, essentially building a new form of Data Loss Prevention focused on preventing employees from accidentally exposing regulated or proprietary data through AI tools.
A related challenge is governing AI agents themselves. As organizations deploy agents for everything from software development to data analysis, ensuring those agents aren’t over-permissioned becomes critical — the principle of least privilege, applied to AI. This matters especially in development environments, where an agent could delete sensitive data, affect production availability, or inadvertently expose internal systems to the public internet. It also means ensuring agents don’t accidentally commit API keys, OAuth tokens, or other secrets to public repositories. Many vendors are now addressing this space, including legacy IAM providers. In the not-so-distant future, AI agent governance will simply be an integral component of identity and access management.
How SixMap Is Delivering AI Capabilities to Customers
SixMap operates on a simple principle: the data we provide is only as valuable as a customer’s ability to act on it. We already deliver complete, accurate exposure data in near real-time. Now, we’re using AI to make that data faster to analyze, easier to integrate, and more actionable across the workflows security teams already rely on.
Custom Skills and On-Demand Reporting
We’ve developed, tested, and deployed a set of custom skills that our AI agents use to surface insights from SixMap data on demand. Customers describe what they need in natural language, wait a few minutes, and receive a fully designed report — no manual querying, no exporting to CSV, no building dashboards from scratch. Whatever you need, whatever data SixMap has, you can get it in a polished deliverable.
The use cases are wide-ranging:
- “I need an executive-level report on the changes in our external cyber risk posture over the past calendar year.”
- “Show me the top 10 CVEs impacting my external attack surface.”
- “Give me a report on the entities and business units within my organization that have the highest level of cyber risk — show me the ones that need the most help right now.”
- “Show me the top 5 IP addresses that require urgent remediation. Explain which IPs, which entity owns them, what vulnerable services each one has, which CVEs are on each system, and what we need to do to fix them.”
A security leader who would have previously needed to file a request with an analyst and wait days for a deck can now get the same answer in the time it takes to grab a coffee. And because the underlying SixMap data is continuously refreshed, every report reflects the current state of the attack surface — not a stale snapshot from last quarter.
SixMap MCP Server
SixMap is also releasing an MCP server that gives customers the ability to connect their organization’s AI tools directly to the high-fidelity exposure data that the SixMap platform provides.
This enables straightforward use cases — querying and analyzing exposure data with the LLM of your choice, without manually exporting and feeding it to the model. It also unlocks more sophisticated workflows: providing exposure context to AI-driven SOC tools during alert triage, supplying continuously updated external asset data to red team agents, or grounding any internal AI agent that needs accurate ground truth about your external attack surface. As more organizations build agentic workflows on top of platforms like SixMap, the MCP server becomes the connective tissue that makes those workflows trustworthy.
How the SixMap Team Is Using AI Internally
The capabilities we deliver to customers are one side of the equation. The other is how we’re using AI to build a better product, faster — not to replace our team, but to amplify what they can do.
Accelerating Development with AI
The latest frontier AI models are remarkably capable when it comes to writing software. The SixMap team is integrating AI into the engineering workflow: handling boilerplate, generating test suites, reviewing pull requests, and prototyping new features. This accelerates development cycles and frees our engineers to focus on the complex, high-judgment work that requires deep domain expertise: designing the algorithms that map the IPv6 space, building the attribution logic that ties every asset to the right entity, and so on.
We’re also using AI to enhance secure code reviews and bug hunting before new code ships. As noted above, vulnerability research and AppSec are two areas in which AI is highly effective, and we benefit from that on the producing side as much as our customers benefit on the consuming side. The result is that we can build and ship more features, faster, without sacrificing the precision the platform demands.
Designing an AI System for Organization Mapping
One of SixMap’s core differentiators is where our process begins. Whereas every other vendor starts with network discovery — asking for a series of domains and IP addresses and using them as seeds to find additional network assets — SixMap starts with organization mapping. This process requires only the organization’s name. From there, SixMap identifies all of the entities and suborganizations that belong to the parent: subsidiaries, business units, and operating companies for private-sector enterprises, or agencies, departments, school systems, emergency services, and utilities for public-sector organizations.
This approach yields three benefits. First, network discovery is far more complete because every entity acts as a starting point for finding networks, IPs, and domains. Second, attribution is automatic and transparent: every network asset is assigned to the responsible entity, so when a risk is detected, it’s immediately clear who owns the asset and who to contact about remediation. Third, the data is structured with organization-based and role-based access controls, so dozens, hundreds, or even thousands of users can be granted access to the platform with each person seeing only the data relevant to their entity.
SixMap is now building an AI system to automate organization mapping. Using just an organization’s name, this AI-driven process identifies all entities, builds the organizational hierarchy, and prepares each entity for network discovery. A human remains in the loop to ensure data accuracy and iteratively improve the system. AI accelerates the process and helps it scale in a way that would be difficult to achieve without it.
Conclusion: The Mythos Moment
The AI landscape in cybersecurity is moving fast, and it will continue to evolve in ways that are difficult to predict. We’re still in the early days, and there will be many more developments to come across the near, mid, and long term. The SixMap team is staying at the cutting edge, both in our internal workflows and in the product features we deliver to customers.
One point worth underscoring: even Mythos, the most capable cyber-focused model released to date, hasn’t invented a new attack technique. It found thousands of zero-days in weeks, but every one of them falls into vulnerability classes that security researchers have known about for decades. AI systems still overwhelmingly operate within the bounds of human-documented knowledge; what they change is the speed and scale at which that knowledge gets applied.
That’s exactly why fundamentals matter more now, not less. The attack techniques aren’t new, but the rate at which they get applied to your environment just changed by orders of magnitude. Accurate asset inventories, rigorous vulnerability management, and agile patch and remediation programs are what determine whether AI-accelerated attackers find a foothold or run out of attack surface to work with. The more secure and well-mapped your external environment, the less Mythos-class capability matters when it ends up in the wrong hands.
That’s the work SixMap exists to do. If you want to see what your external attack surface actually looks like — and how to get it ready for the era of AI-empowered adversaries — get in touch with our team.
