Artificial IntelligencePress Release

Tanium Urges Malaysian Organisations to Accelerate Vulnerability Remediation in AI Era

Highlighting the Need Build an AI-Era-Ready Triage and Prioritisation System That’s Intelligence-Informed and Contextually Informed by Real-Time Data

Cybersecurity firm Tanium has issued an advisory urging Malaysian banks, telcos, utilities, healthcare providers, and government agencies to rebuild how quickly they find and fix software weaknesses, following OpenAI’s launch of Daybreak. It is a new artificial intelligence service that can identify and patch software flaws in minutes rather than weeks.

The Tanium advisory comes as Malaysia’s Cyber Security Act brings the country’s most critical sectors under formal incident reporting obligations to the National Cyber Security Agency (NACSA), with fines of up to RM500,000 for failures to report. Malaysia’s National Cyber Coordination and Command Centre continues to track hundreds of thousands of weak or exposed systems across the country each month.

Outdated Remote Access Remains an Attack Vector

Ransomware groups, according to Tanium, are still entering Malaysian organisations through outdated remote access tools and unpatched software. Tanium said the speed at which attackers and defenders are now operating has overtaken the way most local IT teams still schedule their software updates.

Melissa Bischoping, Head of Threat Research & Intelligence at Tanium, said the shift inside Artificial Intelligence (AI) labs has happened far faster than most enterprises are prepared for.

“As with all things AI, we’re seeing a lightspeed acceleration from novel idea to capability to full product or infrastructure requirement. The largest AI labs have now moved from ‘Oh, wow, look at the security capabilities of these advanced models’ to ‘Here’s a plan and program for enterprise security’—and it took only a few weeks,” noted Bischoping. “AI‑powered vulnerability discovery and remediation is becoming an arms race between the labs providing access and capability to software developers designing the most critical software in the world, and the adversaries trying to develop open‑weight variants or nation‑state‑sponsored models with the same capabilities but lacking the same guardrails.”

For Malaysia, that race lands directly on local defenders. Banks under Bank Negara Malaysia’s technology risk rules already operate on tighter reporting clocks, and essential service operators across telecommunications, energy, water, healthcare, and transport now answer to NACSA. Tanium said the once‑a‑month rhythm that still defines how many Malaysian organisations apply software fixes needs an update.

“Now that AI‑powered vulnerability discovery is becoming an industry norm, the bottleneck tightens around remediation. Software companies are finding, proposing, and developing bug fixes at an unprecedented pace, but is the consumer of that software ready for the patches to deploy? Many organisations today still struggle with the ‘old way’ of monthly patching at the scale of the last few years. That ship has sailed, and we’ve got to rethink and rebuild our patching systems for this era.”

Tanium Higlights Criticality of Acting in Real Time

The next phase, Bischoping said, will reward Malaysian organisations that can quickly tell which software updates actually matter to their own environment—and act on them in real time, not weeks later.

“We are rapidly reaching a reality where vendors won’t ship one or two patches a month, they’ll ship dozens or hundreds of micro‑patches as bugs are uncovered. You need to know at a moment’s notice which releases today impact what’s in your environment. You also need to know which threats are actually exploited in the wild and configured in a way that is exploitable in your environment,” Bischoping said. “Vulnerability and patch triage is a non‑negotiable capability in 2026. It is unrealistic to think we’ll get to a point quickly where every organisation can patch every CVE on every system every day—so what does the path look like? You build an AI‑era‑ready triage and prioritisation system that’s intelligence‑informed and contextually informed by your own real‑time data. The era of days‑old or weeks‑old scanning results and patching backlogs just simply does not exist anymore.”

CSA Editorial

Launched in Jan 2018, in partnership with Cyber Security Malaysia (an agency under MOSTI). CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, Risk professionals and C-Levels who have an obligation to understand the impact of cyber threats.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *