Last week three agencies joined the chorus of warnings about the impact of AI accelerated attackers. The National Academy of Sciences of the United States, cyber and open source leadership of the United Nations, and the operational cyber agencies of the Five Eyes — all issued warnings and made suggestions.
And Sunday morning concerns about Chinese models matching Anthropic for cyber was the top article from the WSJ.
While DeepTempo was perhaps the first start-up to warn about the criticality of accelerating the defender’s OODA loop through investment in machine speed intelligence in order to handle the expected onslaught of AI powered attacks - this blog is not “I told you so.” Rather this blog summarizes the perspective of these critical agencies, suggests practical steps we must take today, and brushes off my crystal ball to again see into the fast approaching future.
Let’s review the last several days:
- June 22, the cyber security agencies of the Five Eyes — Australia, Canada, New Zealand, the United Kingdom, and the United States, joined by CISA from the United States — issued a joint call to action warning that AI is transforming cyber risk on a timeline measured in months, not years.
- June 24th, the National Academies of Sciences, Engineering, and Medicine published Implications of AI for Cybersecurity, a rapid expert consultation that includes some depth in possible architectures for our response.
- June 26th, I participated in a panel in New York, UN Open Source Week of people trying to make AI accountability and specifically verifiability real. The use of generative AI for defense (though not DeepTempo’s LogLM) is hamstrung by an inability to validate what it has done in our environments.
On that last point - a quick shout out to everyone involved in last week’s sessions on Verifiable AI including Tricia Wang and the Advanced AI Society she leads, the Polaris Collective who also saw the writing on the wall and is led in part by Julie Tsai who also helps lead us at DeepTempo as an advisor and friend - Julie was our panel moderator on Friday as well - and to my fellow panelist Mostafa Elkordy who leads the Open Source United Community of Practice at the United Nations and is helping to advance OSARA, an open standard for sovereign, accountable AI agents. What an amazing world we live in where problems on the rapidly approaching horizon are already being addressed by social, policy and technical entrepreneurs; we just have to look, listen, and help where we can.
Gartner or your other favorite analyst generally cannot help you here; driving around the block while looking in the rear view mirror is doable, if dangerous, at a walking speed, but definitely not recommended when you join the rest of us in the left lane of the autobahn. The committee meetings you had in Q3 and Q4 about our priorities for cyber in 2026 likely led you astray; that’s ok, to judge from the collective freak out and the 400%+ increase in attention we are receiving at DeepTempo and for our Vigil open source project in recent weeks - that’s almost everyone in and around cyber today. The question is what are you going to do right now to both better protect your organization and to change the processes and the thinking that has allowed us to be led by the top down selling cyber industry into an extremely dangerous technical cul-de-sac in which current detection approaches cannot see today’s attacks and our knee jerk reaction to Mythos is to patch faster while slamming on the brakes of US led AI progress.
The last several days show that policy makers, including those on the front lines of defending western societies, now have a deeper understanding of the impact of AI on cyber security. Now that attackers are using AI in attacks, each of these reports admit and argue that our responses cannot simply be to do the old things, faster. After all, we were already massively behind in patching vulnerabilities. Learning that Mythos, and now Chinese open source distillations can be used to find yet more vulnerabilities, faster, is therefore not all that concerning; what is more concerning is that, as anticipated when we founded DeepTempo, attackers are able now to use AI to run intelligent campaigns that avoid detection; identifying and even discovering new vulnerabilities is only one part of these campaigns.
We DO have an opportunity to build an OODA loop that returns advantages for defense. It will take a root and branch reexamination of cyber, including leveraging and accelerating investments in data layer solutions, and many other capabilities necessary to unleash and control AI in our defense. Some of us have dedicated the last few years of our lives refactoring cyber to prepare for today.
What the reports say
The report from the National Academies does not pull punches and raises many alarms for the short term. As discussed, frontier systems are expanding what is possible and currently those advances favor attackers by compressing the attack lifecycle and lowering the barrier to sophisticated exploitation. Reconnaissance, vulnerability discovery, exploit development, and social engineering all collapse into fewer steps and less time.
As the cliche in cyber goes, the attacker only has to get it once, the defender must win every time. And while that is true, especially given the growing irrelevance of deterrence in cyber as nation state-like capabilities diffuse and proliferate, still in kinetic wars, defense often wins. Why is that?
Clausewitz in the Theory of War cites a few reasons that defense often wins: the closer supply lines of defenders vs. the extended lines of attackers, the knowledge of the terrain of defenders, and the motivation to fight for one’s own all contribute to superior defense.
How about cyber? How can we similarly harness superior knowledge about our domains, and the equivalent of tighter supply lines, to move faster and more intelligently than attackers?
Last week’s reports lay out some of what we see as the immediate future. As suggested, we believe in a world of machine speed intelligence. We can now build systems that model our world at a depth and specificity that attackers cannot hope to match; just as one squirrel or even a dump truck used as a weapon cannot take down all Waymo cars, everywhere, putting their passengers at risk, so too can cyber world models change the equation, and allow for every environment to quickly see attacks at their earliest moments, with ever increasing precision.
A world model is the foundation that gives all action taking systems most of their needed context. We cannot look around at even reasoning model speed each time for context and hope from that to achieve detection accuracy. Doing so is expensive, dangerous and inaccurate. If you’d like to confirm this yourself, please take a look at the SOC bench open source project; when you do you’ll see the impracticality of using agentic AI directly for detections. Waymo is not asking their reasoning models to run a chain of thought on whether the squirrel is a hazard - they have an encoder-only world model much like our LogLM running which has useful context about how the world of streets and highways works. The reasoning models access this intelligence as needed, they don’t try to learn the likely behavior of squirrels on the fly.
What is more, this intelligent context can and will be shared across organizations without sharing confidential information. Our engineering team has been collaborating with organizations like JPMC, RBC, BNY and NVIDIA showing how this can be done. You can access the arXiv paper here.
The shared context from world models enables collective defense and a massive faster OODA loop. It is the information equivalent of shorter supply lines benefiting the defender. Signals from one stage inform the next: detection insight shaping patch priority, incident data feeding back into hardening, and so on. And within it all - adaptive deception.
This is not entirely theoretical, although wiring the entire system together requires open source projects like Vigil and some flavor of verifiability of AI which is missing today. We have proven that detections can be reinvented as a foundation of machine speed intelligence for cyber. Our LogLM world model is fundamentally unlike the prior generation of human built machine learning. We rejected the trade off between false positives and false negatives and dramatically limited the costly and time consuming human tuning that prior systems require. Our model, which learned from BNY, drops into novel environments and points a spotlight on attackers, even as they attempt novel ways to avoid existing defenses.
As one of the authors of the National Academy of Sciences report puts it: the short-term outlook is concerning and the long-term outlook is cautiously optimistic. Our job is to leap ahead as quickly, and safely, as possible.
Western Intelligence Agencies Agree
In their joint statement last week, the Five Eyes cyber security agencies — the United States' NSA, the United Kingdom's NCSC, Australia's ASD, Canada's CSE, and New Zealand's GCSB, together with the U.S. Cybersecurity and Infrastructure Security Agency — put it in operational terms: frontier AI is reshaping offensive and defensive cyber capability on a timeline of months rather than years, compressing the gap between when a vulnerability is found and when it is exploited. They too emphasize that no single technology alone delivers resilience. We must have defense in depth, and that includes solutions such as our LogLM acting as overwatch, a nearly impossible to elude line of defense flagging malicious behavior and intent, allowing attackers to respond faster with much less wasted effort and collateral damage to their operations, reducing direct and indirect costs.
Crystal ball - what is in the way of machine speed intelligence, and an OODA loop that attackers cannot match?
The reports point out at least three hurdles to our better future, and I will add a fourth:
The first is measurement. AI-driven cyber capability is advancing faster than our ability to evaluate it. There are no widely accepted frameworks for judging how well an AI system performs offensive or defensive tasks. While we have all seen LLM benchmarks pointing out various improvements, these so far fail to cover detections or other common tasks. Note that DeepTempo open-sourced the SOC bench project to contribute here, however this must be a much broader industry effort. Some good news is that evaluating world models for cyber like our LogLM is relatively simple; the evaluator simply asks whether it can see attacks better than prior approaches, and this can be validated in a number of ways, including reference data sets, side by side tests, and low cost threat hunts to find existing attacks that have gone unnoticed. We even built an evaluation capability of detection effectiveness into the LogLM itself. Plus there are countless AI red teaming companies emerging that can be used to close the loop and validate effectiveness.
It is the effectiveness of the reasoning side of cyber defense operations that is lacking and that efforts like SOC Bench and others must address.
Secondly, as we discussed repeatedly this week at the UN, generative systems lack clear behavioral guarantees, so their outputs must be read probabilistically rather than deterministically. The related lack of verifiability is an immediate blocker for the use of AI SOC solutions in many environments where the verifiability of actions taken by the agent is sacrosanct and often mandated by regulators and insurers. As a result, these organizations, including many that protect and manage the internet itself such as national telecommunication providers, must keep the humans in the loop in every action. Because attackers are not constrained in the same way and are ramping up their attacks and the intelligence of their attacks, defenders are getting overwhelmed.
The third point is perhaps obvious. AI systems must be secured as they are deployed. They are no longer just tools for defense; they are components of the environment, exposed to prompt injection, adversarial inputs, instructions buried in retrieved documents and agent-to-agent messages, and they are intended to perform autonomous action with limited human oversight. Despite enormous investment in identity systems and a lot of building for non-human identity, it is hard if not impossible to apply least privilege controls to agents that tie the agents back eventually to a human for accountability. And even if such systems did exist, it is unclear whether humans would be willing to sign onto that accountability. Here is an idea for a start-up: systems to enable an accountable human to sign off on the behaviors of literally thousands of agents. This is a different persona than the security analyst, I’m talking about the researcher at AstraZeneca who is personally responsible for safely accelerating drug discovery. How do they sleep at night?
The fourth impediment that I will cite is ourselves. As Walt Kelly put it 56 years ago - “We have met the enemy and he is us.” While we don’t have a lot of time to spend on navel gazing, it may still be worth considering why almost all planning committees for cyber priorities in 2026 failed to anticipate the present moment. After all, I did, years ago, and I don’t have 1% of the resources of a top bank or government. How were the signs so obvious to some of us and yet seemingly ignored by most large institutions? I don’t know the answer to that question, although it is the sort of question Thomas Kuhn seeks to answer in the Theory of Scientific Revolutions, which was famously popularized in the Innovator’s Dilemma. I will suggest that our penchant for top down selling technologies via overwhelmed risk managers called CISOs has not served the cyber security industry well. We need to shift to an approach of rapid evaluation, composable components, and the BS filter of open source communities where practitioners actually doing the work vote with their engagement on which solutions are worthy of commercial adoption. Practitioner engagement and adoption, and not the size of the funding round or the resulting booth at RSAC, should be determinant as we seek to adopt machine speed intelligence. Of course this immediately raises the question of which practitioners, since the analyst that hand crafts rules to see yesterday’s attacks may not be all that excited about a future in which world models responding to rule-avoiding AI powered attacks renders rule crafting as somewhat moot.
What does DeepTempo have to do with today’s challenges
This blog is really intended to focus on the problems we face and the dawning realization by policy makers and national governments that we are in the midst of a crisis. I will spare you the lengthy sales pitch. Please take a look at our web site and open source projects including Vigil.
We built DeepTempo to enable a radically accelerated OODA loop via our technologies, and those already in the ecosystem such as the data layers from Cribl and Snowflake and others. In short, our LogLM is the behavioral proof needed across many workflows, including detection. The Open Source AI SOC Vigil, or your existing favorite AI SOC, is the open, agentic, inspectable layer that acts on it. Standards like OSARA and a category like verifiable AI are needed to supply the cryptographic accountability that completes the picture. None of these is sufficient alone. Together they are an architecture that this week’s reports reveal experts now broadly admit is needed to deliver machine speed intelligence for cyber defense.
We are currently signing up users of our LogLM for an all in one assessment of your environment via a series of AI powered threat hunts to see if you have already been penetrated by an AI powered attack; we work with your team to quickly apply our state of the art solutions and our crack team on a fixed fee basis. In addition to knowing the scope of any penetration you will see the future of cyber defense in operation, which can help you to assess your overall organization’s capability to embrace machine speed intelligence for cyber defense. Get in touch now if you might be interested as we have limited booking slots. Feel free to email me directly Evan at DeepTempo dot ai.
Sources: Five Eyes cyber security agencies joint statement, “The AI Shift in Cyber Risk” (June 2026), via NSA. National Academies of Sciences, Engineering, and Medicine, “Implications of AI for Cybersecurity: A Rapid Expert Consultation” (2026), DOI 10.17226/29493. OSARA Open Standard, Open Source United. Advanced AI Society. UN Open Source Week 2026. https://elkordym.github.io/osara-open-standard/
