​Security Has A Timing Problem, But Attackers Don’t

Innovation​Security Has A Timing Problem, But Attackers Don’tByKen Ammon,Forbes Councils Member.for Forbes Technology CouncilCOUNCIL POSTExpertise from Forbes Councils members, operated under license. Opinions expressed are those of the author. | Membership (fee-based)Jun 01, 2026, 09:30am EDTKen Ammon is CEO of CodeHunter, a serial entrepreneur who exited OPĀQ and NetSec, and former U.S. Air Force captain at the NSA. gettyEnterprise security is built on a flawed assumption that we can recognize malicious software before it executes. For years, that worked. Malware was reused, observable and slow to evolve. That is no longer the case.That’s because today’s threats are shaped by automation and industrialized attack pipelines. Our defensive architecture, meanwhile, is still based on outdated principles. The result is a widening gap between how attacks operate and how security systems make decisions.​Simply put, our traditional post-execution approach to security has a timing problem. ​AI Is Driving Mutation​Signature-based and reputation-based systems depend on prior observation. They require reuse, pattern stability or shared infrastructure. Even behavioral detection models frequently rely on correlating runtime activity with known malicious techniques or previously observed campaigns.That approach assumes that threats will resemble something we have seen before, but modern malware increasingly does not. Automation frameworks now generate polymorphic variants at scale, while AI-assisted tooling can modify strings, control flow or packing routines in seconds. Payloads can be regenerated just-in-time for a specific target, and code that appears once may never appear again.​The observable surface of malware—its hash, its static indicators, even portions of its execution path—has become disposable. In this environment, “known-bad” becomes a lagging signal. Detection depends on history, but attackers have moved on and are designing for rapid mutation.When defenders rely o...