Two New Reports Offer Competing Explanations for Cybersecurity’s Growing Crisis

The rise of AI‑assisted cybercrime—dubbed the post‑Mythos era—has turned applications into a fast‑moving battlefield. Attackers can move from vulnerability disclosure to exploitation in hours, forcing security teams to shift from static, pre‑production checks to continuous, runtime protection. Without real‑time visibility, organizations struggle to distinguish exploitable flaws from noise, leaving critical gaps that adversaries readily exploit.

CSA’s "State of Modern Application and AI Security" survey of 900+ leaders underscores the urgency. While 80% reported at least one breach tied to a known vulnerability, only 9% remediate critical issues within a day, and 74% take up to a week. The data shows a clear correlation: longer patch windows dramatically increase incident rates. Consequently, 52% of upcoming security budgets remain earmarked for CI/CD build protection, yet 42% intend to boost runtime monitoring, signaling a strategic pivot toward in‑flight defenses that can auto‑patch and contextually block threats.

FireMon’s companion report flips the lens, attributing the crisis to human‑operational failures rather than tool deficiencies. With 45% of firewall rules undocumented and 69% unused, policy drift erodes the effectiveness of even the most advanced firewalls and micro‑segmentation platforms. The report urges continuous policy governance, ownership, and automated rule hygiene to reclaim control. Together, the studies suggest that solving the crisis requires both smarter tooling—enhanced exploitability scoring and autonomous patching—and disciplined operational practices to manage those tools at scale.