For most of the past two decades, cybersecurity tools have worked much like a building inspector. They walk through a checklist, room by room, looking for known defects. An unpatched window here, an outdated alarm panel there. They are fast, methodical and fundamentally backwards-looking, telling you what is broken based only on a list of things that have broken before.
Frontier AI models behave less like the inspector and more like an experienced burglar walking through the same building. The burglar notices that the side gate is unlocked, that it leads to a courtyard, that a courtyard window opens onto the second floor, and that the second floor connects to the executive suite. On their own, none of these things is a critical defect. Pieced together, they form a serious vulnerability.
The shift, from listing isolated weaknesses to reasoning across them, is the most significant change in enterprise security in a decade.
From scanning to reasoning
What sets this new generation of models apart is multi-step reasoning. While a traditional scanner produces a list, a reasoning model connects the dots that a scanner would only ever see in isolation. It traces how a single stolen credential could open a path through one system, expose a misconfiguration in another, and ultimately lead to a sensitive database.
When Zscaler put frontier models such as Anthropic’s Mythos and OpenAI’s GPT-5.5 Cyber through structured security testing, this was the capability that mattered most. What the models demonstrated was closer to the behaviour of a skilled human intruder than to any previous generation of security tooling: pursuing several independent attack paths in parallel, carrying stolen credentials and session data forward from one stage to the next, and converging on a single high-impact outcome.
The closest business analogy is a forensic investigator who looks at a suspicious expense in Mumbai, a vendor contract in Jakarta and a missing approval in Singapore, and sees one connected pattern where most analysts would see three unrelated issues. Until recently, that kind of synthesis required a senior human with years of context. It is now available on demand, at a speed and scale human teams cannot match — and the uncomfortable truth is that defenders and attackers are drawing from the same well.
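The contrast this section draws between a scanner's list and a chained path can be shown from the defender's side as attack-path analysis over a findings graph. The following is an added example, not code from the article or from Zscaler; the asset names, finding IDs and severities are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample findings (hypothetical assets and severities, not from the article).
# Each finding lets someone positioned at `src` reach `dst`.
FINDINGS = [
    {"id": "F1", "src": "internet", "dst": "vpn-portal", "sev": "low", "issue": "reused credential accepted"},
    {"id": "F2", "src": "vpn-portal", "dst": "build-server", "sev": "medium", "issue": "flat network segment"},
    {"id": "F3", "src": "build-server", "dst": "customer-db", "sev": "low", "issue": "over-privileged service account"},
    {"id": "F4", "src": "internet", "dst": "marketing-site", "sev": "high", "issue": "outdated CMS plugin"},
    {"id": "F5", "src": "hr-laptop", "dst": "payroll-app", "sev": "medium", "issue": "session token in log"},
]
SEV_RANK = {"low": 1, "medium": 2, "high": 3}

def scanner_view(findings):
    """Checklist view: each finding judged in isolation, ordered by its own severity."""
    return [f["id"] for f in sorted(findings, key=lambda f: -SEV_RANK[f["sev"]])]

def attack_paths(findings, entry, target):
    """Path view: every loop-free chain of findings leading from entry to target."""
    out_edges = defaultdict(list)
    for f in findings:
        out_edges[f["src"]].append(f)
    paths, stack = [], [(entry, [], {entry})]
    while stack:
        node, chain, seen = stack.pop()
        if node == target:
            paths.append([f["id"] for f in chain])
            continue
        for f in out_edges[node]:
            if f["dst"] not in seen:  # skip assets already on this chain
                stack.append((f["dst"], chain + [f], seen | {f["dst"]}))
    return paths

def findings_to_fix_first(findings, entry, target):
    """Findings that sit on at least one entry-to-target chain, whatever their own severity."""
    return sorted({fid for p in attack_paths(findings, entry, target) for fid in p})

if __name__ == "__main__":
    print("scanner order:", scanner_view(FINDINGS))
    print("chains to customer-db:", attack_paths(FINDINGS, "internet", "customer-db"))
    print("fix first:", findings_to_fix_first(FINDINGS, "internet", "customer-db"))
```

In this constructed data the only high-severity finding (F4) leads nowhere sensitive, while three low and medium findings together form the one chain that reaches the database, so the path view reorders remediation priority.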
Two findings that matter for the boardroom
The headline number from Zscaler’s testing is striking: frontier models surfaced roughly twice as many high-severity findings, at twice the speed, compared with legacy tooling and conventional penetration testing. Just as important, the findings that survived validation came with accurate severity ratings, clear reproduction steps and remediation guidance grounded in realistic attacker behaviour.
For a CFO, this reshapes the maths of security spending: fewer false alarms, faster fixes and a better return on each analyst hour. For a CEO, it marks a meaningful shift: resilience is becoming a measurable capability, supported by evidence rather than assumption.
The second finding is more subtle and more useful. The way a model is briefed has a direct impact on the quality of its findings. Giving it a clear picture of the environment improved accuracy significantly. But over-briefing it on issues already identified produced the opposite effect — the model anchored on familiar patterns and stopped surfacing new ones.
The lesson: ground the model in its environment; don’t lead it to your conclusions.
What changes on the attacker’s side
What once demanded a skilled operator, weeks of patience and a degree of luck can now unfold in minutes with reasoning AI. The three steps that traditionally required separate effort and expertise to connect — credential theft, lateral movement and data exfiltration — are increasingly executed as a single, end-to-end operation.
In Zscaler’s adversarial testing of enterprise AI systems, critical vulnerabilities surfaced in 100% of the systems analysed. The median time to a first critical failure was just 16 minutes — with nine in 10 systems compromised in under 90 minutes.
This changes how boards should measure resilience. Perimeter strength is no longer the right yardstick. What matters now is how quickly an organisation can spot a compromise and shut it down. A business that detects and isolates an intrusion within minutes faces a vastly different financial, operational and reputational outcome than one that takes weeks to realise it has been breached.
The scale of the exposure
The pace of adoption is widening the gap. Analysing close to a trillion AI transactions across 2025, Zscaler found enterprise AI activity grew 83% y-o-y across an ecosystem of more than 3,400 applications. Data flowing into AI tools surged 93% to over 18,000 terabytes — turning everyday platforms into some of the most concentrated repositories of corporate intelligence anywhere.
Most concerning, much of this is invisible to the people accountable for it. Many organisations still lack a basic inventory of the AI models and embedded features active inside their own environment. AI capabilities now built by default into common business software often slip past legacy security filters entirely.
What this means for leaders, practically
Five observations to share with chief executives and chief information security officers across the region:
- An asset that an attacker cannot see is one they cannot easily compromise. Architectures that keep applications off the open internet belong firmly on the strategic agenda, alongside resilience, customer trust and operational continuity.
- Most regional conglomerates underestimate the true scale of their digital footprint, particularly across subsidiaries, joint ventures and recently acquired entities. This is precisely where visibility is weakest and where attackers concentrate. A complete, continuously maintained inventory of digital assets, AI systems included, is the foundation every other security investment depends on.
- The models deployed across customer service, underwriting and operations are now part of the attack surface. Adversaries will try to manipulate them with malicious instructions, much as fraudsters socially engineer call-centre staff into bypassing their own controls. These systems warrant the same governance, oversight and audit already applied to core financial platforms.
- Reasoning attackers explore many paths to an objective, which sharply raises the chance of triggering decoys planted inside the environment through fake credentials, servers and data designed to look legitimate. These function as silent alarms inside a vault, and they grow more effective, not less, as attackers become more thorough.
- The right boardroom question has changed. “Are we secure?” assumes a binary state that no longer reflects reality. “How quickly can we recover when something fails?” reflects the world as it is. Resilience, measured in hours rather than days, is now the more honest standard of cyber readiness.
The window is open now
AI has moved from a productivity tool to a mission-critical operational capability, and that shift is visible on both sides of the firewall. The defenders who lead through this phase will be those who combine reasoning AI with disciplined architecture and the judgment to know what genuinely matters. On their own, technology and dashboards will not deliver resilience — the discipline and thinking behind them will.
Singapore has earned a reputation for being early, deliberate and well-coordinated on questions of digital trust, and that reputation is a strategic advantage worth pressing. The window to lead this next chapter, rather than spend it catching up, is open now, and it will not stay open indefinitely.
Sanjay Yadave is the vice president and managing director for Greater Asia at Zscaler
