Australian Cyber Security Magazine

Australian organisations urged to shift to autonomous cyber defence as AI threats accelerate


Australian organisations are being urged to adopt more autonomous and proactive cyber defence approaches as artificial intelligence (AI) increases both the pace and sophistication of cyber threats, according to commentary from Zak Menegazzi, APJ Director at Armis from ServiceNow.

Menegazzi’s comments follow a recent Australian Cyber Security Centre (ACSC) alert warning that “frontier models” could amplify cyber risk. He argues attackers are using advances in AI to identify long-standing security weaknesses and quickly chain smaller vulnerabilities together, potentially leading to major incidents, including in critical infrastructure environments.

The commentary also points to internal risks from AI-assisted software development, describing how “vibe coding” can contribute to technical debt and introduce security flaws into enterprise systems. Citing Armis Labs testing of “prominent generative AI models”, Menegazzi claims the models “failed 100% of the time to produce consistently secure code”, and warns that rapid deployment cycles can result in vulnerabilities such as missing resource limits and memory buffer overflows.

Menegazzi argues the response requires organisations to move beyond patching and reactive remediation, and instead maintain near real-time visibility of assets and vulnerabilities, including in software supply chains. He recommends shifting from traditional vulnerability management to “exposure-focused” approaches that prioritise risks based on exploitability and exposure, rather than the number of findings alone.

Among the recommendations outlined are integrating scanning of AI-generated code into CI/CD pipelines, moving from periodic scanning to continuous exposure monitoring, prioritising remediation based on business impact, and standardising remediation processes so fixes can be executed at scale.

The commentary concludes that organisations should aim for “autonomous security”, where identification and remediation operate continuously and “at machine speed”, and where detection-to-remediation workflows are managed end-to-end across different types of exposure.




