New breach modeling capabilities identify cross-domain paths that attackers can exploit, identify entities involved in the kill chain, validate where defenses can be bypassed, and help reduce exploitable attack surface.
New Breach Modeling Capability Uses Digital Twin Technology to Simulate Real-World Attack Movement
Tuskira has introduced Kairo, a new breach modeling capability built to help security teams identify hidden attack paths that traditional security tools often fail to connect across large enterprise environments. The platform combines Tuskira’s security data mesh with digital twin technology to model how attackers could move laterally across cloud infrastructure, endpoints, identity systems, operational technology environments, and enterprise networks. Rather than analyzing alerts, vulnerabilities, or cloud exposures separately, Kairo attempts to reconstruct how multiple low-level signals could combine into a viable compromise path leading toward critical systems.
The launch arrives as enterprise security leaders face mounting pressure to improve visibility across increasingly fragmented infrastructure ecosystems where cloud services, AI systems, identity platforms, SaaS applications, and remote workloads are deeply interconnected. Many organizations are simultaneously reevaluating how internal service management environments support those broader modernization efforts, particularly as IT teams look for ways to reduce complexity and unify support experiences across distributed operations. Platforms such as Zendesk have gained traction among organizations modernizing employee service delivery, with companies including GitHub, Calendly, and DuPage County using AI-driven service environments to simplify internal support coordination while reducing tool sprawl. IT leaders evaluating long-term modernization strategies are increasingly reviewing Zendesk’s employee service guide to better understand how unified support platforms can scale alongside evolving infrastructure and security demands.
Tuskira said Kairo was developed in response to a major shift now emerging inside cyber offense activity, where frontier AI systems are beginning to automate both vulnerability discovery and exploit generation inside the same workflow.
The company pointed to findings surrounding Anthropic’s Mythos model, which reportedly identified more than 2,000 zero-day vulnerabilities and generated working exploits during a seven-week internal evaluation period.
According to Tuskira, the concern is no longer simply the growing number of vulnerabilities being discovered, but the speed at which AI systems can connect discovery, exploitation, and attack sequencing together without human intervention.
Security Teams Struggle to Understand How Isolated Risks Connect
Many enterprise security environments already generate massive amounts of telemetry from scanners, cloud monitoring systems, endpoint tools, identity platforms, and SIEM environments. The difficulty, however, often lies in understanding which combinations of signals actually create a realistic path to compromise.
Kairo Focuses on Multi-Step Attack Chains
Tuskira said Kairo continuously models breach scenarios across identity systems, workloads, networks, cloud services, endpoints, and business-critical assets to determine which attack chains remain realistically exploitable.
The platform also evaluates whether existing controls- including EDR platforms, IAM systems, firewalls, SIEM rules, WAF deployments, and cloud security controls – would actually interrupt or detect those sequences before attackers reach sensitive assets.
According to the company, the system is designed to expose situations where otherwise routine events become dangerous only when chained together.
An identity anomaly, an overlooked workload exposure, unusual network reachability, and a cloud trust relationship may individually appear low risk. Combined, they can create a viable path into crown-jewel systems.
“Security teams have findings, controls, alerts, and detections, but they still struggle to see which breach paths remain open across the environment,” said Piyush Sharrma, CEO and Co-founder of Tuskira. “Kairo changes that. It’s breach modeling all kinds of paths attackers can actually use, and helps disrupt the chain.”
AI-Driven Attack Activity Reshapes Defensive Priorities
The release reflects a larger transition underway across enterprise cybersecurity as AI-assisted attack methods evolve into more autonomous offensive systems.
Breach Modeling Gains Importance in AI-Enabled Threat Environments
According to Tuskira, Kairo specifically evaluates whether newly disclosed or AI-discovered vulnerabilities create “breachable” paths inside customer environments.
The platform then measures whether deployed defenses reduce or block those routes and identifies where detection visibility remains weak.
Where policy allows, Kairo can also recommend or coordinate remediation actions through existing security technologies already deployed across the environment.
That includes firewall changes, identity access adjustments, cloud control modifications, WAF updates, endpoint policy changes, and SIEM tuning recommendations aimed at disrupting multiple attack paths simultaneously.
The company said Kairo recomputes attack-path maps continuously as environments evolve, allowing teams to reassess exposure levels as infrastructure changes or new threats emerge.
Digital Twin Modeling Expands Into Cyber Defense
The use of digital twin technology inside cybersecurity environments is gaining increased attention as enterprises search for more realistic ways to evaluate exposure beyond isolated vulnerability scoring.
Security Vendors Push Toward Environment-Level Simulation
Kairo models identity relationships, cloud permissions, workload behavior, network connectivity, exposure telemetry, and security controls into what Tuskira describes as a live digital representation of the customer environment.
The system then simulates different breach scenarios involving insider activity, east-west movement, cross-cloud pivots, workload compromise paths, and identity escalation attempts.
One of the primary goals is helping defenders prioritize the smaller subset of attack chains that remain both reachable and insufficiently defended rather than overwhelming analysts with disconnected findings.
According to Tuskira, deployments using Kairo have deprioritized as much as 99% of scanner findings after determining those exposures were not realistically reachable inside the modeled environment.
The company also said the platform helped security teams focus investigation efforts on the smaller number of paths that remained exploitable or lacked sufficient visibility coverage.
Enterprises Begin Preparing for AI-Enabled Intrusion Operations
The broader message behind the launch reflects growing concern that attackers are moving beyond AI-assisted experimentation toward more autonomous intrusion activity.
CISOs Increasingly Focus on Breach Resilience
Charles Gifford, CISO of Intrado, said organizations now need to prepare for environments where AI systems actively accelerate offensive cyber activity rather than simply assisting human operators.
“2026 is the year attackers are moving from AI-assisted activity to AI-enabled operations, and defenders need to adapt,” Gifford said.
For many security leaders, that adaptation increasingly involves understanding not only which vulnerabilities exist, but also how attackers might realistically chain identities, workloads, cloud access, endpoint activity, and infrastructure relationships together to reach high-value assets.
As enterprise environments continue expanding across cloud services, AI infrastructure, SaaS ecosystems, remote endpoints, and operational technology networks, security teams are placing greater emphasis on tools capable of modeling interconnected exposure rather than reviewing isolated alerts one system at a time.
Research and Intelligence Sources:Tuskira
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
