AI-POWERED vulnerability scanning tools are accelerating the ability to identify and fix bugs, with industry voices arguing there is now little excuse for firms to be unaware of flaws in their software, according to ENISA. During the ESET World conference on 19 May, Hans de Vries, ENISA’s chief cybersecurity and operational officer, said you can actually see and fix issues now, and that doing security by design and by default is the licence to do business.
The piece notes frontier models such as Claude Mythos and OpenAI's GPT5.5-Cyber that can operate at unprecedented speed and scale to identify and fix bugs, while UK authorities like the NCSC emphasise that finding more vulnerabilities does not automatically mean compromise.
It also highlights that the EU’s Cyber Resilience Act entered into force in December 2024, with main obligations applying from 11 December 2027 and reporting obligations from 11 September 2026, and that a €40m investment by ESET World in Berlin aims to accelerate development of AI security models and a new generation AI SOC.