Companies are racing to secure AI systems, but many are still hiring cybersecurity workers using job descriptions, career ladders and training programs built before the AI boom, according to a new Accenture report shared exclusively with Axios.

Why it matters: Fending off AI-powered hacks expected from advanced AI models will require a new vision for how employers train, hire and retain cybersecurity talent.

The big picture: High burnout rates and extensive training requirements have left the cybersecurity industry scrambling for decades both to bring in entry-level workers and retain existing talent.

• "It's really not a shortage that we have anymore, it's a mismatch," Vikram Desai, global cybersecurity strategy and risk lead in Accenture's cybersecurity practice, tells Axios.

Zoom in: Companies' growing reliance on AI systems is poised to exacerbate the problem, Desai says.

• Employers will increasingly look for cyber professionals who can adapt to new systems and exercise judgment when evaluating emerging threats, he says.
• Retaining workers will require prioritizing new AI-powered defense tools and upskilling employees so they don't seek out such opportunities elsewhere.

By the numbers: 59% of open cybersecurity roles require job candidates to have a combination of technical skills and strategic business savvy, according to Accenture's analysis of more than 550,000 cybersecurity job postings and professional online profiles around the world.

• But only 40% of cybersecurity professionals currently have both skillsets, per the report.
• At the same time, demand for AI-related cybersecurity skills has increased 2.5 times since 2020, underscoring how quickly employers' needs are changing.
• Accenture's review covered listings and online resumes posted between October 2024 and October 2025.

Between the lines: Many companies still view cybersecurity leaders as technical specialists rather than business executives, a perception that may complicate efforts to build the business-savvy workforce employers increasingly say they need.

• At a recent lunch with board directors representing dozens of companies, Desai says, only a few hands went up when he asked whether they viewed the CISO as a true member of the C-suite.

Yes, but: Security leaders are being asked to invest simultaneously in AI tools, workforce training and retention programs at a time when many companies remain under cost pressure and face competing technology priorities.

• Teaching a security analyst how a pharmaceutical supply chain works or a business leader how to assess cyber risk could take years.
• Meanwhile, the average tenure of a cybersecurity employee has shrunk from 3.3 years to 1.8 years in the last decade, according to the report.

What to watch: Accenture anticipates AI will generate more demand for jobs in AI governance, securing AI models and threat intelligence, Desai says.

• "I use these frontier models to do a lot of the things that I do in my role, but even as they get more and more advanced, I'm seeing that [AI] still doesn't have judgment, it doesn't have context, it doesn't have experience."

Cisco is moving to a twice-a-month model for unveiling newly fixed security flaws from its current monthly model, the company said today.

• A week before each release, Cisco will also preview which technologies and platforms will be affected by each drop so defenders will know what will need patching.

Why it matters: New AI models are pouring gasoline on the bug discovery fire, forcing technology and security vendors to rethink how they responsibly disclose the bugs that researchers find in their products before malicious hackers get hold of them.

Driving the news: In July, Cisco will begin publishing disclosures about security fixes in its products on the first and third Wednesdays of the month.

• Those updates are currently monthly, barring any emergency rollouts.

What they're saying: "We've got an opportunity to not just move faster in individual-point problems, but really rethink how we're moving from being reactive to proactive in terms of system-hardening," Anthony Grieco, senior vice president and chief security and trust officer at Cisco, told Axios in an exclusive interview.

• "This isn't just about keeping pace with an individual thing with an individual threat," he added. "It's about how we're addressing the system-hardening and vulnerabilities at a depth and speed that previously was unattainable."

Between the lines: As advanced AI models like Mythos Preview and GPT-5.5-Cyber start to uncover security vulnerabilities at an unprecedented rate, cybersecurity teams are unable to keep up with the pace at which they need to start patching bugs.

• Some systems require a total reboot to install a patch — and others require several tests before an IT or security team is comfortable rolling it out.
• Last month, Anthropic said the roughly 50 partners who are using Mythos Preview have already uncovered more than 10,000 high- or critical-severity vulnerabilities across the "most systemically important software in the world."

Threat level: Over the last eight weeks, Cisco has used a multi-model AI harness to scan 1.8 billion lines of code over 25 coding languages across its wide-reaching technology portfolio.

• Previously, that level of scanning would've taken about eight years to complete, the company said in a blog post.

What to watch: Cisco plans to roll out a new product, called Live Protect, that gives customers a temporary shield against the exploitation of newly discovered vulnerabilities while they work to deploy permanent fixes.

• The product is designed to help customers bridge the gap between the discovery of a vulnerability and the deployment of a permanent software update.
• "It really is about architecting the future with AI, not just defending against AI," Grieco said.

The U.S. government's lead civilian cyber agency is heading into the AI era with shrinking resources and a diminished role as Washington scrambles to assemble a multi-agency response to emerging AI cyber threats.

Why it matters: Former officials and industry leaders fear the Cybersecurity and Infrastructure Security Agency no longer has the capacity to help utilities, banks and other critical infrastructure operators prepare for a coming wave of AI-fueled cyberattacks.

• CISA is at its weakest just when it's needed most, as the government braces for AI models like Anthropic's Mythos to supercharge cyberattacks.

Between the lines: CISA's sidelining started from the top.

• When President Trump hears "CISA," he doesn't think of protecting chemical plants, telecom networks or hydroelectric dams, a source familiar with Trump's thinking told Axios.
• "He thinks of some guy he'd never heard of making over-the-top claims about 2020 being the most secure election ever held," the source said, referring to former CISA director Chris Krebs.

Breaking it down: The agency never replaced its chief AI officer after she departed last year, and it did not receive initial access to Mythos even as other agencies did, as Axios previously reported.

• An industry source told Axios that while many employees remaining at CISA are experienced — including acting director Nick Andersen — the broad personnel cuts and uncertainty about the agency's future have made it harder for industry partners to know with whom to share threat intelligence.
• "Rather than preparing the roof when the skies are sunny, we're choosing to punch holes in it," the industry source said. "Now, the storm has arrived."

Zoom in: CISA has taken a backseat role in the administration's response to the hacking threats posed by Mythos and similar models, according to two sources familiar with the matter.

• Andersen participated in early calls led by the White House's Office of the National Cyber Director with tech and cybersecurity leaders about the implications of the models, but he has not had much influence on the process, one source said.
• "They're down resources, and they don't have leadership," the source continued. "They don't really seem to have a big role here, which is crazy, when you think about their [mission]."

Read the rest.

@ D.C.

📋 The National Security Agency is naming three new people to be the permanent leaders for two of its major cybersecurity organizations. (The Record)

🏛️ A top White House cyber policy official is planning to leave the Office of the National Cyber Director within the next week. (Nextgov)

👀 Trump has named Bill Pulte, a housing official at the Federal Housing Finance Agency, as the new acting director of national intelligence. (CNN)

@ Industry

🤖 Anthropic has expanded access to its Mythos model to approximately 150 additional organizations. (CNBC)

🪙 Companies are finding that bug hunting with Mythos is burning through their token budgets. (The Information)

@ Hackers and hacks

🚨 Hackers used Meta's AI support bot to take over the Instagram accounts for the Obama White House and the chief master sergeant of the U.S. Space Force and briefly defaced them with pro-Iranian images and messages. (KrebsonSecurity)

⚠️ Microsoft is threatening legal action against a security researcher who published a series of unpatched bugs in the company's products. (TechCrunch)

📲 Trolling scammers who text your phone may actually be helping them in the long run. (Wall Street Journal)

⛺️ 🏔️ I had a great time camping in California's Eastern Sierra while on vacation before some wind nearly blew our campsite away!

• 10/10 recommend going off-grid — and having a backup plan.