Zscaler Blog



The CSA Just Put Deception on Every CISO's 90-Day Plan. Here's Why.

AMIR MOIN
April 22, 2026 - 8 min read

Last week, the Cloud Security Alliance (CSA) published the expedited strategy briefing The “AI Vulnerability Storm”: Building a Mythos-ready Security Program, just 5 days after news about Mythos broke. It was authored by Gadi Evron, Rich Mogull, and Robert T. Lee, with contributing authors that include Jen Easterly (CEO of RSAC, former Director of CISA), Bruce Schneier, Chris Inglis (former National Cyber Director), Heather Adkins (CISO of Google), Rob Joyce (former NSA Cybersecurity Director), and Phil Venables (former CISO of Google Cloud). More than 80 CISOs and practitioners reviewed and signed off on the guidance document, from organizations including Netflix, Cloudflare, Wells Fargo, Atlassian, the NFL, lululemon, and dozens more.

This strategy briefing is the closest thing the cybersecurity industry has to a consensus document.

Among its 11 priority actions, the briefing recommends that organizations build a deception capability within the next 90 days. It classifies the risk as HIGH – significant exposure within 45 days if left unaddressed.

If you've dismissed Deception as a nice-to-have, or as a control reserved only for advanced security teams, this recommendation should shift your thinking.

The problem the CSA is responding to

The briefing is a response to Anthropic's Claude Mythos – a model that autonomously discovers thousands of critical vulnerabilities across every major operating system and browser, generates working exploits without human guidance, and chains complex multi-step vulnerabilities that previous models couldn't find. In internal lab testing, Mythos generated 181 working exploits on Firefox where Claude Opus 4.6 succeeded only twice under the same conditions.

In the aftermath of Anthropic’s disclosure, the security industry has debated its claims and whether Anthropic has been overly alarmist. But what’s not up for debate is the impact that AI will have on helping attackers find and exploit exposures – vulnerabilities, misconfigurations, and the like. Whatever the degree, AI model capabilities will proliferate, open-weight models will follow, and the cost and skill floor for autonomous vulnerability discovery and exploitation has permanently dropped. The CSA is calling this change a structural shift, not a temporary spike.

The Zero Day Clock, cited in the briefing, tells the story visually. Time-to-exploit – the gap between vulnerability disclosure and confirmed exploitation – has collapsed from 2.3 years in 2018 to less than one day in 2026. AI didn't start this trend, but it's about to accelerate it beyond anything current patch cycles can absorb.

This context sets the stage for the CSA's recommendations: they address not a hypothetical risk but a documented capability that is already being used offensively and will become broadly accessible.

The detection velocity problem

The CSA briefing identifies "Inadequate Incident Detection and Response Velocity" as a CRITICAL risk — the highest severity rating in their framework, meaning immediate exposure if unaddressed.

Here’s the description – "Detection and response at human speed against machine-speed attacks. Alert triage volumes, SIEM correlation speed, and containment authorization latency were designed for human-paced threats."

This structural problem is what every detection-focused security team needs to accept. Your detection stack – EDR, NDR, SIEM, XDR – was architected for an era when attackers moved at human speed. These tools correlate events over minutes or hours. They assume dwell time. They accumulate evidence across multiple signals before generating a high-confidence incident.

By the time today’s correlation-based detections can raise an actionable alarm, an agentic attacker operating at machine speed – one that iterates on errors instantly, runs parallel attack paths, and completes full kill chains in hours – has already completed the mission. At the point your SIEM correlates events from steps 1 and 2, the agent is past step 7 and has your data.

You can't tune your way out of this. Shortening your correlation window just explodes your alert volume. You’d end up drowning in probabilistic signals, each one a "maybe" that forces your analysts to spend time triaging noise – in the meantime, the attacker’s work is done.

Why the CSA recommends Deception

The briefing's Priority Action #9 reads:

"Deception is attack-tool and vulnerability independent, identifying attacks and attackers based on their TTPs. Deploy canaries and honey tokens, layer behavioral monitoring, pre-authorize containment actions, and build response playbooks that execute at machine speed."

This recommendation includes three key points you must understand.

"Attack-tool and vulnerability independent."

Independence is the property that makes Deception structurally different from every other detection class. Signature-based detection fails when the attacker uses a new tool. Behavioral detection fails when the attacker uses legitimate tools – PowerShell, Python, standard APIs – that look identical to normal activity. Deception doesn't care what tool the attacker uses or which vulnerability they exploited to get in. A decoy is a tripwire. It alerts on interaction, regardless of what the attacker is carrying.

Against Mythos-class threats specifically, this shifts the power back to the defenders. When AI can discover and exploit novel vulnerabilities autonomously, your signatures are useless by definition – the vulnerability didn't exist in your detection database an hour ago. Behavioral detection helps, but it hits the same probabilistic wall: is this an AI agent or a developer running a new script? Deception sidesteps these questions entirely. If someone touches a decoy, they're not supposed to be there. Period. No ambiguity. No investigation. No triage.

"Identifying attacks and attackers based on their TTPs."

Deception doesn't just alert — it characterizes. When an attacker interacts with a decoy, you capture their tools, their techniques, the credentials they're using, and the exploit payloads they're deploying. This intelligence feeds back into your entire security program. Against agentic attackers, this information becomes even more valuable: you're observing the agent's decision-making loop in real time.

"Pre-authorize containment actions and build response playbooks that execute at machine speed."

SOAR and automation didn’t fail because of bad products or bad technology. They failed because they were trying to automate actions in response to probabilistic alerts. And no security team in its right mind would automate a containment or block action if the incident alert is a “maybe.” Deception isn't just about catching the attacker. It's about responding before a human even sees the alert. When a decoy fires, it’s a sure thing, and you can auto-trigger containment – isolate the compromised host, block the IP, revoke the credential – at the speed of the attack, not the speed of your SOC's triage queue. The CSA explicitly calls for machine-speed response because the authors understand that human-speed response against machine-speed attacks is functionally no response at all.

"Isn't Deception just a honeypot?"

If that's your reaction, you're thinking about Deception circa 2015. A honeypot was a single box in a corner of your network hoping someone would touch it. Modern Deception instruments your entire environment – vulnerable-looking app decoys at the perimeter, network decoys across every segment, fake identities in Active Directory, decoy cloud resources in your AWS, Azure, and GCP accounts, lures on your endpoint, decoy AI endpoints mimicking your internal LLM infrastructure.

The difference is coverage and realism. You're not deploying one trap – you're layering synthetic assets across every attack surface an adversary would traverse, spanning network, identity, cloud, and AI infrastructure, creating a “defense surface.” Attackers aren’t stumbling into a trap – they’re operating in an environment where a meaningful percentage of what they discover is designed to catch them.

Against an agentic attacker – one that explores exhaustively, probes every service it finds, and uses every credential it collects – broad coverage with decoys becomes decisive. The agent can't be selective without sacrificing the speed that makes it dangerous. It has to choose: be thorough and hit decoys, or be cautious and lose its advantage. And if it does choose to be cautious, it has to map the environment to tell decoys from real assets, and that mapping still touches your decoys and generates an alert. Either way, Deception changes the attacker's economics in the defender's favor.

What this CSA recommendation means for your AI SOC investment

If you're investing in an AI SOC – and 47% of CISOs say countering AI-driven threats is a top spend priority – you need to think about what you're feeding it.

An AI SOC triages alerts, correlates signals, and automates response. It's only as good as the signals it ingests. Feed it the probabilistic output of your EDR, NDR, and SIEM, and it will process probabilities faster. That's useful, but the output is still a prioritized list of "maybes."

Feed it Deception alerts – deterministic, zero-false-positive indicators that require no investigation – and you give your SOC compelling anchor points. When a decoy fires, the AI SOC knows with certainty an attack is underway and can backtrack through correlated telemetry to reconstruct the full kill chain. The Deception alert is the ground truth that makes every other signal in your stack more valuable.
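As an added illustration, not code from this post or from Zscaler's product, the following Python sketch models the two properties argued in the playbook section above and in this one: a decoy hit is deterministic and can drive a pre-authorized containment playbook immediately, while a threshold-style correlation rule over the same telemetry is still silent; and the decoy hit serves as an anchor from which earlier events from the same source are pulled back to reconstruct the chain. The decoy names, playbook action names, and sample events are all constructed.

```python
# Constructed decoy inventory (hypothetical names): a fake AD service account,
# a decoy host and a honey-token API key. Interaction with any of them is an alert.
DECOY_ACCOUNTS = {"svc-backup-legacy"}
DECOY_HOSTS = {"10.20.30.99"}
HONEY_TOKENS = {"HT-DECOY-0001"}
# Containment actions the briefing says should be pre-authorized for decoy hits.
PLAYBOOK = ("isolate_host", "block_source_ip", "revoke_credential")

def is_decoy_touch(event):
    """Deterministic check: no threshold, no scoring; decoy use is always an alert."""
    return (event.get("user") in DECOY_ACCOUNTS
            or event.get("dst") in DECOY_HOSTS
            or event.get("token") in HONEY_TOKENS)

def run_deception(events):
    """Fire on the first decoy interaction and backtrack through prior telemetry
    from the same source to reconstruct the steps that preceded it."""
    incidents = []
    for i, ev in enumerate(events):
        if is_decoy_touch(ev):
            incidents.append({
                "source": ev["src"],
                # captured TTP context: account, target, token and tool used
                "evidence": {k: ev[k] for k in ("user", "dst", "token", "tool") if k in ev},
                "actions": PLAYBOOK,
                "kill_chain": [e for e in events[:i] if e["src"] == ev["src"]] + [ev],
            })
    return incidents

def run_correlation(events, threshold=3):
    """Contrast: a threshold rule needs several failures from one source before it
    raises anything, so it is still silent when the decoy has already fired."""
    failures = {}
    for ev in events:
        if ev.get("outcome") == "failure":
            failures[ev["src"]] = failures.get(ev["src"], 0) + 1
    return {src for src, n in failures.items() if n >= threshold}

# Constructed sample telemetry: one source scans, fails a login, then uses the decoy account.
SAMPLE = [
    {"src": "10.1.1.7", "dst": "10.20.30.5", "tool": "port-scanner", "outcome": "success"},
    {"src": "10.1.1.7", "dst": "10.20.30.5", "user": "admin", "outcome": "failure"},
    {"src": "10.1.1.7", "dst": "10.20.30.99", "user": "svc-backup-legacy",
     "tool": "smb-client", "outcome": "success"},
    {"src": "10.1.1.8", "dst": "10.20.30.5", "user": "alice", "outcome": "success"},
]

if __name__ == "__main__":
    print(run_deception(SAMPLE), run_correlation(SAMPLE))
```

On the sample, the decoy detector raises one incident for 10.1.1.7 with a three-event chain and the full playbook, while the correlation rule returns nothing because only one failure has accumulated.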

This architecture isn't theoretical. It's the operational model that transforms an AI SOC from a faster triage engine into an actual detection-and-response capability.

The 90-day recommendation

The CSA briefing isn't suggesting you think about Deception. It's recommending you start building the capability in the next 90 days, with a 6-month horizon to operational deployment. The briefing assesses risk as significant exposure within 45 days if this class of control is absent.

You can decide the CSA's timeline is too aggressive for your organization. That's a reasonable position. But consider the signatories. These are practitioners who've run security programs at Google, the NSA, CISA, Cloudflare, Netflix, and Wells Fargo. They've seen what's coming and they've converged on a set of recommendations. Deception is on the list. And concerns that it’s not possible to deploy decoys that fast may be another artifact from 2015’s notion of Deception – Zscaler, for example, now supports one-click deployments that have customers up and running in mere hours.

The question isn't whether Deception works. The DoD and NSA settled that – 100% of attackers in their study hit decoys before real assets, and decoys absorbed 83% of exploit attempts while comprising only 19% of the environment. The question is whether your organization can afford not to have this defense surface when the attackers are operating at machine speed and your detection stack was built for a different era.

The technical case for Deception has been there for years. The CSA just gave you the business case. What are you waiting for?

Learn more about Zscaler Deception here.
