CyberSecurity SEE

AI Enhances Vulnerability Awareness and Promotes Secure-by-Design Software

In recent discussions on the future of cybersecurity, Hans de Vries, the chief cybersecurity officer of the European Union Agency for Cybersecurity (ENISA), emphasized the pivotal role of AI-powered vulnerability scanning tools. He asserted that these advanced technologies have fundamentally transformed the landscape of software security, indicating that technology firms can no longer claim ignorance regarding bugs or vulnerabilities within their products. During the ESET World conference held on May 19, 2026, de Vries pointed out that the capabilities of modern AI tools enable companies to identify and rectify vulnerabilities efficiently and effectively.

De Vries remarked, “Now, there is no reason anymore for any company to say, ‘I didn’t know about our glitch or our vulnerability in our application,’ because you can actually see it and fix it.” His statements resonated with the conference audience, highlighting a growing expectation for transparency and accountability in tech products. The rapid advancements in AI technology, such as the emergence of innovative models like Claude Mythos and OpenAI’s GPT5.5-Cyber, have set new benchmarks for identifying and addressing software bugs at remarkable speeds. The capabilities of these cutting-edge tools allow organizations to routinely scan their systems and address vulnerabilities before they can be exploited by malicious actors.

Furthermore, de Vries noted that the European Union’s Cyber Resilience Act (CRA), which took effect in December 2024, mandates organizations to adopt cybersecurity measures by design and by default. The CRA establishes a framework for ensuring that companies build secure systems from the ground up. Its main obligations will become enforceable by December 11, 2027, and reporting obligations are set to begin on September 11, 2026. This regulatory backdrop emphasizes the urgency for organizations to fortify their cybersecurity practices.

De Vries further stated, “For me, doing security by design and by default is actually the license to do business right now.” This statement underscores the idea that prioritizing security is essential for maintaining a competitive edge in today’s tech landscape. Failure to implement adequate security measures could expose companies to exploitation by adversaries, leading to potential litigation as stakeholders demand accountability for unresolved vulnerabilities.

The significance of incorporating AI into cybersecurity practices was further echoed by Paul Chichester, the director of operations at the UK’s National Cyber Security Centre (NCSC), during the same event. He underscored that the industry is transitioning into a phase where inadequately coded systems will increasingly have vulnerabilities detected within them. Chichester noted, however, that identifying a single vulnerability does not necessarily imply that a system has been compromised.

He expressed concerns that while discovering more vulnerabilities could be detrimental to certain organizations—particularly those lacking advanced protective measures—the broader trend points to vendors beginning to leverage AI technologies themselves to proactively eliminate vulnerabilities from their products. Chichester posited that AI could standardize the assurance of software products, fostering a landscape where security is integral to the development process rather than an afterthought.

The ESET World conference also featured announcements from ESET, the Slovakia-based cybersecurity firm, which unveiled plans for a substantial €40 million investment aimed at amplifying its research and development efforts. This financial commitment is targeted at accelerating the development of cybersecurity-first foundational AI models, establishing a layered AI framework, and creating a new generation of AI-driven Security Operations Centers (SOC). This initiative indicates a strategic shift toward creating more resilient technology infrastructure, underscoring an industry-wide recognition of the pressing need for enhanced security measures in the face of evolving cyber threats.

As the landscape of technology continues to evolve, organizations must adapt their approaches to cybersecurity. With the introduction of advanced AI tools and the implementation of regulatory frameworks like the CRA, the message is clear: companies have both the responsibility and the resources to ensure their products are secure. The call for vigilance in addressing vulnerabilities is louder than ever, and technology firms must heed this guidance to thrive in an increasingly complex and perilous digital environment.
