Why AI Is Making Attack Surface Management Mandatory
嗯,用户让我用中文总结一篇文章,控制在100字以内,而且不需要用“文章内容总结”这样的开头。首先,我需要仔细阅读这篇文章,理解其主要内容和重点。 文章的标题是关于Amit Sheps讨论AI对企业攻击面的影响。他提到网络安全团队面临的挑战,包括可见性、持续评估和主动风险管理的重要性。接着,Sheps批评了传统的漏洞管理模式,认为缺乏可见性和上下文是主要问题。然后他提出了连接外部发现与内部系统的工作流程,强调验证和可达性的重要性。最后,他讨论了AI在扩展安全需求和帮助从业者加速处理中的作用,并建议以业务术语与高管沟通。 接下来,我需要将这些要点浓缩到100字以内。首先确定关键点:AI扩大攻击面、缺乏可见性、连接内外系统、验证可达性、AI的作用、业务沟通。然后组织语言,确保流畅且符合字数限制。 可能会遇到的问题是如何在有限的字数内涵盖所有关键点而不遗漏重要信息。可能需要删减一些细节,比如具体的例子或次要观点,以突出主要论点。 最后检查语言是否简洁明了,确保没有使用任何专业术语让用户难以理解,并且直接描述文章内容。 </think> Amit Sheps探讨了AI如何扩大企业攻击面并加剧网络安全团队的挑战。他指出传统“漏洞打地鼠”模式效率低下,强调通过连接外部发现与内部系统以实现统一视图的重要性,并建议以业务相关风险为核心进行管理。 2026-1-22 19:38:59 Author: securityboulevard.com(查看原文) 阅读量:0 收藏

Avatar photo

Amit Sheps, head of product marketing at CyCognito, discusses the growing challenges cybersecurity teams face as artificial intelligence accelerates the expansion of enterprise attack surfaces. He explains why visibility, continuous assessment, and proactive risk management are becoming essential in an AI-driven threat landscape.

Sheps argues that most teams are still stuck in “vulnerability whack-a-mole” mode, chasing long lists that do not translate cleanly into actual risk. The practical problem is not a lack of tools, but a lack of visibility and context. If you cannot reliably enumerate internet-facing assets, understand ownership, and map what is truly reachable from the outside, then prioritization becomes guesswork and remediation turns into a noisy, never-ending queue.

A major focus is how security leaders can regain control by connecting external discovery with internal systems and workflows. The goal is a unified view that ties inventory, ticketing, and exposure findings together so teams can connect the dots, reduce duplicated effort, and focus on what is exploitable and business-relevant. Sheps emphasizes validation and reachability: what can an attacker actually see, touch, and chain into an impact, not what simply appears “critical” on a scanner report.

AI shows up in two ways. First, it expands what must be secured, with new agents, MCP-style integrations, and rapid-fire deployments creating fresh entry points. Second, it can help practitioners move faster by assisting with investigation, triage, and data processing at scale, acting like a junior analyst that surfaces initial findings and patterns across logs and telemetry.

Finally, Sheps tackles the executive conversation. He recommends framing exposure management in business terms, especially through compliance drivers and measurable operational impact, such as downtime, customer disruption, and revenue loss. The takeaway is straightforward: continuous assessment and proactive risk management are becoming table stakes, and the most effective teams will be the ones that can see their environment the way an adversary does and act on the small set of exposures that truly matter.


文章来源: https://securityboulevard.com/2026/01/why-ai-is-making-attack-surface-management-mandatory/
如有侵权请联系:admin#unsafe.sh