Part 1: Security fundamentals in the age of frontier AI

This blog is part of a three-part series on how Adobe is evolving its security approach in the age of Frontier AI, covering security fundamentals, product and infrastructure defenses, and supply chain risk. This is part 1 of the series; in part 2, we explore how these security fundamentals are applied to our products and services. In part 3, we look at how these principles are applied to infrastructure and supply chain security.

Frontier AI is rapidly reshaping cybersecurity, changing how vulnerabilities are discovered, analyzed, and exploited at unprecedented speed and scale. In recent years, the time between when a vulnerability is publicly disclosed to when it is exploited by threat actors could be measured in days, weeks, or even months. However, with the advent of frontier AI, this time-to-exploit is projected to be counted in mere hours and, eventually, minutes in the near future.

For security teams, this marks a meaningful shift. Traditional security practices built around periodic testing and reactive remediation are no longer enough on their own in a world where AI can accelerate vulnerability discovery workflows continuously.

Public demonstrations of frontier AI models have already shown how quickly vulnerabilities can be discovered and analyzed at scale. What once required extensive manual effort can now be accelerated significantly through AI-assisted workflows. The implications for any company with internet-facing products are significant.

At Adobe, we see this as an operational shift. We are expanding how we leverage AI-assisted capabilities across numerous key components of our security program, including building security test harnesses, vulnerability management, and remediation workflows to help strengthen our products, infrastructure, and software supply chain.

No company can claim immunity from emerging threats. Our focus is on continuously improving how quickly we can identify, prioritize, and address issues as the threat landscape evolves.

We apply AI-assisted capabilities to help secure our products, infrastructure, and software supply chain, and to further strengthen the security fundamentals that remain essential. These investments are designed to protect not just Adobe's infrastructure, but also the creative IP, documents, and data that our customers entrust us to safeguard.

Security fundamentals still matter

AI does not replace security hygiene; it multiplies it. AI not only enables stronger execution of security fundamentals at speed and scale, but it also increases the importance of getting those fundamentals right to defend against more capable adversaries.

Security programs still depend on strong foundational practices, including threat modeling, secure-by-default configurations, structured design reviews, automated security testing, and incident response readiness. AI allows disciplined teams to operate with greater speed and scale, but it is not a substitute for sound security engineering.

At Adobe, our security fundamentals include threat modeling early in the development lifecycle. Using AI, we can generate a comprehensive threat model in under 20 minutes, enabling earlier identification of potential risks while humans remain focused on critical judgment and final decision-making.

We continue to embed automated security checks into build pipelines, maintain structured security review processes, and operate bug bounty and incident response programs as core elements of our security program. These fundamentals are the foundation of our approach. AI-assisted capabilities only strengthen these efforts.

In this series, we examine how these fundamentals apply across three connected pillars: strengthening product safeguards, hardening infrastructure defenses, and enhancing supply chain security in an increasingly AI-accelerated threat environment.

In the next post, we look at how these principles apply across our products.