Runtime Security: Definition and Why It’s No Longer Optional

February 2026

Runtime security means protecting runtime data in CPU and memory—directly. It matters regardless of whether an intrusion succeeds or fails.

Attack paths are endless, but execution is not. Whatever the entry point, meaningful impact requires data and code to exist and operate at runtime.

Monitoring alone cannot protect data in use. Runtime security must reduce blast radius by keeping sensitive runtime data protected—especially where secrets are handled in memory.

— The Case for Structural Defense in the Age of AI —

“Don’t guard a hundred gates. Protect the one heart.”

1. Introduction — A Turning Point in Cybersecurity

In 2025, cybersecurity crossed a historic threshold.

Case Study 1: AI Autonomously Executed 80–90% of a Cyberattack

In November 2025, Anthropic disclosed that it had detected and disrupted a large-scale AI-driven espionage campaign attributed to a Chinese state-sponsored group. The activity, first observed around September 2025, represented what Anthropic called “the first documented case of a large-scale cyberattack executed without substantial human intervention.”

The AI autonomously performed reconnaissance, vulnerability discovery, exploit development, credential harvesting, and data exfiltration. Human operators were involved only in strategic decision-making. The attack targeted approximately 30 global entities, including major technology companies, financial institutions, and government agencies.

Source: Anthropic, “Disrupting the first reported AI-orchestrated cyber espionage campaign” (November 2025)

Case Study 2: AI Outperformed Human Bug Hunters

In 2025, XBOW reported reaching #1 on HackerOne’s US leaderboard—an early signal that autonomous vulnerability discovery can rival top human researchers. For the first time, AI demonstrated the ability to discover security vulnerabilities faster than human researchers.

While this capability benefits defenders, it also means attackers can leverage the same technology. We have entered an era where zero-day vulnerabilities can be discovered and exploited at unprecedented speed.

Source: Cybersecurity Dive, “Autonomous attacks ushered cybercrime into AI era in 2025” (citing Malwarebytes 2026 State of Malware Report)

We are now living in a world where AI can automate attacks and discover vulnerabilities faster than any human team can respond.

But here’s the critical insight: No matter how sophisticated attack methods become, no matter how intelligent AI grows, all malware must ultimately use CPU and memory to execute. This physical reality cannot be circumvented. And this immutable truth demands a fundamental rethinking of security strategy.

This paper analyzes the structural challenges of cybersecurity in the AI era and makes the case for why runtime security has become essential.

2. Redefining “Runtime Security”

2.1 The Common Misconception

Search for “runtime security” and you’ll typically find definitions like:

“A technology for monitoring and protecting running applications and processes in real-time, particularly in cloud-native environments such as containers and Kubernetes.”

This includes container behavior monitoring, Runtime Application Self-Protection (RASP), and process anomaly detection. These are valid and important aspects of runtime security.

However, this definition remains confined to the “monitor and detect” paradigm—identifying anomalies, raising alerts, and responding. In the AI era, this approach faces structural limitations.

2.2 A Broader Definition: Structural Protection of the Runtime Environment

This paper adopts a more comprehensive definition:

We define Runtime Security as follows:

Runtime Security is a defensive approach that directly protects runtime data as it is instantiated in CPU and memory, regardless of whether an intrusion attempt succeeds or fails.

This expanded definition includes:

While these technologies differ in approach, they share a common objective: minimizing information exposure after a breach.

2.3 Why This Expanded Definition Matters

Traditional “monitor and detect” runtime security relies on three assumptions:

• Anomalies can be detected
• There is time between detection and response
• Response is faster than the attack

In the AI era, all three assumptions are breaking down:

• AI can evade human-defined anomaly patterns
• Attacks progress in seconds, leaving no time for human judgment
• The speed race between attack AI and defense AI has no finish line

This is why we need defenses that work even when detection fails—defenses that don’t depend on speed. That means structural protection through memory encryption and runtime environment isolation.

3. The Structural Limits of Perimeter Defense

3.1 The Endless Proliferation of Attack Vectors

Modern cybersecurity relies on stacking specialized products for each attack vector:

Every new vector requires a new product, driving up costs and complexity. And as the last row shows, zero-day attacks have no corresponding perimeter defense.

3.2 The Fundamental Limits of Perimeter Defense

Perimeter defenses face structural limitations that no amount of technical improvement can overcome:

Limitation 1: Spec-compliant malicious inputs can be indistinguishable from benign content at the perimeter
CDR removes elements outside file format specifications. Attacks that exploit vulnerabilities using only specification-compliant data cannot be detected by design.

Limitation 2: Perimeter content inspection cannot parse end-to-end encrypted content without decryption keys
CDR requires parsing file contents. Encryption prevents parsing. These two requirements are fundamentally incompatible.

Limitation 3: Environment-dependent attacks
Some files are benign until they interact with a specific endpoint environment. Perimeter defenses cannot anticipate these context-dependent threats.

Limitation 4: One product per vector
Email, web, USB, cloud sharing—each vector requires its own product. Organizations cannot escape the “one product per vector” structure.

3.3 Stronger Defenses Create Smarter Blind Spots

As perimeter defenses improve, known attack patterns get blocked. But attackers adapt. Only the techniques that bypass perimeter controls survive—a form of natural selection that produces increasingly sophisticated, stealthy intrusions.

Worse, organizations that believe they have comprehensive perimeter coverage may unconsciously exclude those vectors from incident investigations. This is the paradox of advanced defense creating advanced blind spots.

4. The New Challenges of the AI Era

4.1 Phase 1: Humans Can No Longer Keep Up

The statistics from 2024–2025 are stark:

• The FBI’s IC3 reported $16.6B in reported cybercrime losses in 2024—a 33% increase from 2023.
  Source: FBI Press Release — “FBI Releases Annual Internet Crime Report” (April 2025)
• CrowdStrike reported a 442% increase in vishing between H1 and H2 2024.
  Source: CrowdStrike, “2025 Global Threat Report” (2025)
• A public incident-tracking analysis (combining Resemble.AI and the AI Incident Database) recorded 179 deepfake incidents in Q1 2025—19% more than all of 2024.
  Source: Surfshark Research — “Deepfake statistics and trends” (2025)

The speed and scale of attacks have outpaced what human security teams can handle manually. Recent demonstrations suggest that agentic attack workflows can compress compromise timelines dramatically—potentially to under an hour—outpacing human-led detect–decide–respond cycles.

And the fact that AI outperformed human bug hunters on HackerOne proves that humans can no longer keep pace with vulnerability discovery either. AI finds vulnerabilities faster than organizations can patch them—an asymmetry that exposes the limits of traditional vulnerability management.

Conclusion: Human-driven defense can no longer keep up. We need AI-powered defense.

4.2 Phase 2: The AI vs. AI Arms Race

Does deploying defensive AI solve the problem?

Palo Alto Networks has described 2026 as the “Year of the Defender,” arguing that AI-driven defenses are becoming essential to counter the speed and sophistication of AI-powered attacks. It also notes that autonomous agents may already outnumber humans in enterprise environments by roughly 82:1—pushing security toward an “AI vs. AI” dynamic.¹ ²

Footnotes

1. Palo Alto Networks, “2026 Predictions for Autonomous AI” (Nov 25, 2025).
2. Palo Alto Networks, Press Release — “Palo Alto Networks Forecasts 6 Predictions on Securing the New AI Economy for 2026” (Nov 18, 2025).

But this creates new problems:

An endless speed race

• Attack AI develops new techniques → Defense AI learns to counter them
• Defense AI improves detection rates → Attack AI evolves evasion methods
• This race has no end

Defensive AI becomes a target
PwC warns that autonomous systems with deep access and decision-making power can create a new form of insider risk—especially if compromised or misaligned. If defensive AI is compromised, attackers may gain privileged access to sensitive systems, data, and security controls.

Anthropic reported detecting the activity in mid-September 2025 and disclosed the disruption in November 2025.

Conclusion: The AI vs. AI arms race leads to an endless war of attrition.

4.3 Phase 3: A Third Way — “Don’t Fight the Battle at All”

This is where we need a paradigm shift.

As long as we participate in the speed race between attack AI and defense AI, defenders will always be playing catch-up. But if we have defenses that don’t depend on speed, we can exit this race entirely.

Consider:

• No matter how intelligent attack AI becomes
• No matter how fast AI discovers vulnerabilities
• No matter how many zero-days are found

Properly key-isolated, in-memory encrypted secrets are computationally infeasible to read without access to the keys—even after compromise.

This is not a probabilistic approach of “improving detection rates.” It is a mathematical guarantee of “computationally infeasible to decrypt.”

Even if AI accelerates vulnerability discovery to unprecedented speeds, if the data behind those vulnerabilities is encrypted, attackers get nothing but an empty vault.

Conclusion: Don’t compete on speed. Defend with structure. This is the third way.

5. The Chokepoint Defense Philosophy

5.1 Lessons from Military Strategy

In military strategy, a “chokepoint” is a narrow passage that enemies must traverse regardless of their approach route.

At the Battle of Thermopylae, 300 Spartans held off a Persian army of tens of thousands by defending a narrow pass. When enemies can attack from a hundred directions, you don’t need to guard a hundred gates—if every path must cross a single bridge, defend the bridge.

5.2 The Chokepoint in Cyberspace: CPU and Memory

In cybersecurity, the equivalent chokepoint is the CPU and memory—the runtime environment.

No matter how attack methods diversify, the right columns remain “Required.” This proves that the runtime environment is the one true chokepoint.

6. The Immutable Truth of Physical Law

6.1 The Limits of AI

AI has remarkable capabilities, but it cannot rewrite the laws of physics:

• AI cannot decrypt encrypted data through “cleverness”
• AI cannot access data that doesn’t exist in memory
• AI cannot execute code without using a CPU

No matter how advanced AI becomes, computers will always run on CPU and memory. This physical reality is the defender’s ultimate weapon.

6.2 A Three-Layer Defense Model

Modern cybersecurity requires thinking in three distinct layers:

Layer 1: Logical Defense (Traditional)

• Firewalls, IDS/IPS, EDR
• Characteristics: Pattern matching, signature-based
• Limitations: Bypassable by AI, ineffective against zero-days

Layer 2: AI-Driven Defense (Current Trend)

• Autonomous threat detection, predictive analytics, anomaly detection
• Characteristics: Machine learning, real-time adaptation
• Limitations: Arms race with attack AI, defensive AI itself becomes a target

Layer 3: Structural Defense (The Next Phase)

• Encryption protection of the runtime environment
• Characteristics: Based on physical laws, independent of AI capabilities
• Strength: Data remains mathematically protected even after intrusion

Traditional “Defense in Depth” meant multiple layers within the same logical plane. The new Defense in Depth must change the plane itself.

7. Structural Defense in Practice — Fine-Grained Memory Encryption

7.1 From “Detection” to “Immunity”

Traditional security operates on a “detect and respond” paradigm:

• Detect the threat → Failure to detect means failure to defend
• Respond after detection → Delayed response means damage

Structural defense operates on a different paradigm:

• Protect the runtime environment structurally
• Even after intrusion, protected data remains unreadable
• Protection persists regardless of detection success

This resembles the human immune system. The immune system doesn’t wait to “detect” every pathogen before responding. Structural defenses at the cellular level neutralize many threats before detection even occurs.

7.2 Fine-Grained Memory Encryption

The key to structural defense is fine-grained memory encryption.

Traditional memory encryption operates at the VM or process level. The AI era demands finer granularity:

• Encrypt only specific memory regions within a process
• Selectively protect secrets (credentials, API keys, encryption keys)
• Permit access from legitimate processes while cryptographically preventing unauthorized access

This granularity matters because AI-driven defense systems themselves hold vast amounts of secrets in memory. Even if defensive AI is compromised, encrypted secrets in memory leave attackers with nothing but an empty vault.

7.3 Why “Runtime” Matters

Static encryption (disk encryption, transport encryption) is already widespread. But data must be decrypted in memory the moment it’s processed. This “runtime” moment is the greatest vulnerability modern attackers target.

• Data at rest → Encrypted ✓
• Data in transit → TLS encrypted ✓
• Data in memory → Often accessible in plaintext during execution ✗

Closing this “runtime gap” is the most critical challenge of AI-era security.

8. Historical Cases: Lessons Learned

These cases demonstrate that even with comprehensive perimeter defenses, lack of runtime execution protection leads to catastrophic breaches:

① SolarWinds (2020)
Malware embedded in legitimate software updates compromised 18,000+ organizations, including U.S. government agencies. The updates carried valid digital signatures and passed every perimeter check.

② Log4Shell (2021)
A vulnerability in Java’s Log4j library. Legitimate log strings triggered arbitrary code execution. File-based defenses like CDR and WAF were ineffective against this fileless attack.

③ MOVEit Transfer (2023)
A zero-day vulnerability in file transfer software led to mass data theft worldwide. As a zero-day, no detection tool could respond.

④ XZ Utils Backdoor (2024)
A backdoor was systematically embedded in a core Linux library over several years. The code passed through legitimate build processes, evading package managers and security scanners.

All these cases share one truth: Perimeter defenses failed, but encrypted data in the runtime environment could have mitigated the damage.

9. Recommendations: Making Runtime Execution Protection Mandatory

9.1 This Is Not About Rejecting Perimeter Defense

To be clear: This paper does not argue against perimeter defenses. CDR, EDR, WAF, and other tools remain valuable and necessary at their respective layers.

AI-driven defense systems are also important. The logic that autonomous attacks require autonomous defense is sound.

However, as the last line of defense against attacks that bypass everything else—and as the foundation protecting AI defense systems themselves—runtime security is essential.

9.2 What Organizations Should Do Now

① Audit your current security investments
Check whether you’re overinvested in perimeter defense while neglecting runtime execution protection.

② Look beyond “AI vs. AI”
When deploying AI defense systems, verify how those systems themselves are protected.

③ Begin evaluating runtime security technologies
Explore memory encryption, Confidential Computing, and runtime environment isolation to find what fits your organization.

④ Adopt a “structural defense” mindset
Incorporate defenses based on physical laws—not just speed-based defenses—into your defense-in-depth strategy.

10. Conclusion

Cybersecurity is experiencing three distinct phases:

• Phase 1: Human-driven defense can’t keep up → We need AI-powered defense
• Phase 2: Attack AI and defense AI compete on speed and capability → An endless arms race
• Phase 3: Remove the need to fight at all → Structural defense

Attack vectors multiply endlessly. Attack AI evolves daily. AI now discovers vulnerabilities faster than humans and executes attacks without human intervention.

But every attack must ultimately pass through the single chokepoint of CPU and memory. This is physical law. No amount of AI advancement will change it.

Runtime security is not merely container monitoring or behavior detection. It must be redefined to include structural protection of the runtime environment itself—a more fundamental layer of defense.

In the discourse on defense in depth, “runtime execution protection” must be recognized as a mandatory layer. The shift from speed-based to structure-based defense is the key to building security strategies that are fundamentally resilient against escalating attacks in the AI era.

From “winning on speed” to “changing the rules of the game.”

That is the essence of security in the age of AI.

Next reading

• The End of the MFA Myth
• Granularity: The Hidden Determinant of Security Boundaries