@base . @prefix schema: . @prefix owl: . <#article> a schema:Article ; schema:headline "Fortifying the enterprise: 10 actions to take now for AI-ready cyber resilience"@en ; schema:name "Fortifying the enterprise: 10 actions to take now for AI-ready cyber resilience"@en ; schema:datePublished "2026-04-17" ; schema:inLanguage "en" ; schema:url ; schema:publisher <#jpmorganchase-tech-blog> ; schema:author <#jpmc-global-technology-leadership-team> ; schema:about <#ai-ready-cyber-resilience>, <#technical-debt-reduction>, <#asset-reference-data>, <#vulnerability-management>, <#incident-response-resilience>, <#third-party-dependencies>, <#change-management-speed>, <#outbound-traffic-filtering>, <#privileged-access-management>, <#network-segmentation>, <#secure-ai-lifecycle> ; schema:articleSection "Run the Latest Software Versions"@en, "Manage Assets and Software Components with Reference Data"@en, "Build and Operate a Robust Vulnerability Management Program"@en, "Stress Test Incident Response and Resiliency Plans"@en, "Know Your Major SaaS and Outsourced Dependencies"@en, "Optimize Change Management for Speed"@en, "Aggressively Filter Outbound Traffic from Production Systems"@en, "Remove Standing Privileges from Employee Entitlements"@en, "Manage Remote Access and Segment Where Possible"@en, "Embed Security into the AI Development and Deployment Lifecycle"@en ; schema:abstract """The article argues that AI is accelerating cyber risk and shrinking the time from vulnerability discovery to exploitation, which means enterprises need disciplined, senior-backed modernization and ten urgent resilience actions spanning software currency, inventory, patching, incident response, dependency management, change speed, egress control, privileged access, segmentation, and AI security practices."""@en ; schema:articleBody """The JPMorganChase Global Technology Leadership Team frames AI as changing the economics of cyber risk by increasing attack automation and compressing remediation windows. The article argues that organizations need urgency, disciplined execution, and foundational security modernization to reduce technical debt and make secure delivery the easiest path. It then lays out ten high-value actions designed to improve resilience against faster-moving exploit conditions, especially where adversaries can automate discovery and exploitation at scale."""@en ; schema:hasPart <#action-1>, <#action-2>, <#action-3>, <#action-4>, <#action-5>, <#action-6>, <#action-7>, <#action-8>, <#action-9>, <#action-10> ; schema:mentions <#defined-terms>, <#cyber-resilience-howto>, <#faq-1>, <#faq-2>, <#faq-3>, <#faq-4>, <#faq-5>, <#faq-6>, <#faq-7>, <#faq-8>, <#faq-9>, <#faq-10>, <#cisa-kev>, <#log4shell>, <#solarwinds> . <#jpmorganchase-tech-blog> a schema:Blog ; schema:name "JPMorganChase Technology Blog"@en ; schema:url ; schema:publisher <#jpmorganchase> . <#jpmorganchase> a schema:Organization ; schema:name "JPMorganChase"@en ; schema:url ; owl:sameAs . <#jpmc-global-technology-leadership-team> a schema:Organization ; schema:name "JPMorganChase Global Technology Leadership Team"@en ; schema:parentOrganization <#jpmorganchase> ; schema:description """The credited author team for the article, representing the firm's technology leadership perspective on enterprise cyber resilience in the age of AI."""@en . <#ai-ready-cyber-resilience> a schema:DefinedTerm ; schema:name "AI-ready cyber resilience"@en ; schema:description """The article's central concept: building the technical, operational, and governance resilience needed to withstand an AI-accelerated threat environment where vulnerability discovery and exploitation happen faster and at greater scale."""@en . <#technical-debt-reduction> a schema:DefinedTerm ; schema:name "Technical debt reduction"@en ; schema:description """The article treats reducing technical debt as an immediate senior-level priority because legacy software and aging systems slow response to newly discovered vulnerabilities and may no longer receive fixes."""@en . <#asset-reference-data> a schema:DefinedTerm ; schema:name "Asset and software reference data"@en ; schema:description """Continuously updated inventories and software component records, enriched with ownership, criticality, exposure, and data classification so response teams know where they are exposed."""@en . <#vulnerability-management> a schema:DefinedTerm ; schema:name "Robust vulnerability management"@en ; schema:description """A continuous, SLA-driven process for discovering, prioritizing, testing, patching, and tracking known vulnerabilities with emphasis on critical and internet-facing assets."""@en . <#incident-response-resilience> a schema:DefinedTerm ; schema:name "Incident response and resiliency testing"@en ; schema:description """The practice of exercising response and recovery plans through tabletop exercises, live simulations, restoration drills, and gap-closing follow-through so resilience is proven in practice."""@en . <#third-party-dependencies> a schema:DefinedTerm ; schema:name "Major SaaS and outsourced dependencies"@en ; schema:description """The register of critical service providers, platforms, and outsourced operators that an enterprise depends on for business functions, data processing, or technology operations."""@en . <#change-management-speed> a schema:DefinedTerm ; schema:name "Change management for speed"@en ; schema:description """Reworking patching and deployment processes so critical security changes reach production faster through automation, staged rollout, rollback, and emergency pathways."""@en . <#outbound-traffic-filtering> a schema:DefinedTerm ; schema:name "Outbound traffic filtering"@en ; schema:description """Allow-list based outbound web traffic controls for production systems, designed to reduce software supply chain risk, command-and-control callbacks, and data exfiltration."""@en . <#privileged-access-management> a schema:DefinedTerm ; schema:name "Privileged access management"@en ; schema:description """Replacing standing privileged access with vaulted credentials, just-in-time access, MFA, session recording, and regular entitlement review for people and machine identities."""@en . <#network-segmentation> a schema:DefinedTerm ; schema:name "Remote access control and segmentation"@en ; schema:description """Containing compromise through strong multifactor remote access, trusted devices, segmentation between trust zones, and explicit authentication and authorization between systems."""@en . <#secure-ai-lifecycle> a schema:DefinedTerm ; schema:name "Secure AI development and deployment lifecycle"@en ; schema:description """Applying rigorous threat modeling, access controls, integrity monitoring, audit logging, and review standards to AI systems, model assets, and AI-generated artifacts."""@en . <#cisa-kev> a schema:DefinedTerm ; schema:name "CISA Known Exploited Vulnerabilities list"@en ; schema:url ; schema:description """The article recommends using CISA's Known Exploited Vulnerabilities catalog as part of prioritization when correlating vulnerability data with threat intelligence and exploit availability."""@en . <#log4shell> a schema:DefinedTerm ; schema:name "Log4Shell"@en ; schema:description """Referenced as an example of an incident whose impact would have been substantially reduced by strict outbound filtering of production systems."""@en . <#solarwinds> a schema:DefinedTerm ; schema:name "SolarWinds compromise"@en ; schema:description """Referenced as an example of a supply chain compromise whose blast radius outbound filtering could have materially mitigated."""@en . <#defined-terms> a schema:DefinedTermSet ; schema:name "Defined terms for AI-ready cyber resilience"@en ; schema:hasPart <#ai-ready-cyber-resilience>, <#technical-debt-reduction>, <#asset-reference-data>, <#vulnerability-management>, <#incident-response-resilience>, <#third-party-dependencies>, <#change-management-speed>, <#outbound-traffic-filtering>, <#privileged-access-management>, <#network-segmentation>, <#secure-ai-lifecycle>, <#cisa-kev>, <#log4shell>, <#solarwinds> ; schema:isPartOf <#article> . <#action-1> a schema:WebPageElement ; schema:name "Run the Latest Software Versions"@en ; schema:position 1 ; schema:about <#technical-debt-reduction> ; schema:text """The article argues that end-of-life and outdated software are major attack vectors, so organizations should prioritize upgrades, replace aging hardware, keep open source dependencies current, and use trusted artifact repositories."""@en . <#action-2> a schema:WebPageElement ; schema:name "Manage Assets and Software Components with Reference Data"@en ; schema:position 2 ; schema:about <#asset-reference-data> ; schema:text """Organizations need continuously updated inventories, software bills of materials, enriched ownership and criticality data, and reconciliation against discovery scanning so exposure can be identified quickly."""@en . <#action-3> a schema:WebPageElement ; schema:name "Build and Operate a Robust Vulnerability Management Program"@en ; schema:position 3 ; schema:about <#vulnerability-management>, <#cisa-kev> ; schema:text """The article calls for rapid remediation of known vulnerabilities, especially on internet-facing assets, with continuous scanning, patch testing, remediation SLAs, context-based prioritization, and executive visibility into aging and exceptions."""@en . <#action-4> a schema:WebPageElement ; schema:name "Stress Test Incident Response and Resiliency Plans"@en ; schema:position 4 ; schema:about <#incident-response-resilience> ; schema:text """Plans should be validated through tabletop exercises, live simulations, restoration tests, and inclusion of business, legal, communications, and third-party stakeholders, with findings actually closed after each exercise."""@en . <#action-5> a schema:WebPageElement ; schema:name "Know Your Major SaaS and Outsourced Dependencies"@en ; schema:position 5 ; schema:about <#third-party-dependencies> ; schema:text """The article stresses maintaining a current register of critical providers, assessing their resilience and security commitments, sharing dependency information across teams, and having contingency and exit plans."""@en . <#action-6> a schema:WebPageElement ; schema:name "Optimize Change Management for Speed"@en ; schema:position 6 ; schema:about <#change-management-speed> ; schema:text """Security patch deployment delays are framed as avoidable exposure, so organizations should map patch lifecycles, automate testing and rollout, create emergency pathways, and track mean-time-to-patch."""@en . <#action-7> a schema:WebPageElement ; schema:name "Aggressively Filter Outbound Traffic from Production Systems"@en ; schema:position 7 ; schema:about <#outbound-traffic-filtering>, <#log4shell>, <#solarwinds> ; schema:text """Default-deny outbound filtering for production systems is described as disproportionately valuable because it constrains supply chain attack paths, command-and-control traffic, and exfiltration channels."""@en . <#action-8> a schema:WebPageElement ; schema:name "Remove Standing Privileges from Employee Entitlements"@en ; schema:position 8 ; schema:about <#privileged-access-management> ; schema:text """Persistent privileged access should be replaced with just-in-time controls, vaulted credentials, MFA, session recording, entitlement review, and stronger handling of service accounts and machine identities."""@en . <#action-9> a schema:WebPageElement ; schema:name "Manage Remote Access and Segment Where Possible"@en ; schema:position 9 ; schema:about <#network-segmentation> ; schema:text """The article recommends strong MFA for remote access, trusted devices, segmented connectivity between trust levels, explicit authentication between systems, and red-team validation of containment controls."""@en . <#action-10> a schema:WebPageElement ; schema:name "Embed Security into the AI Development and Deployment Lifecycle"@en ; schema:position 10 ; schema:about <#secure-ai-lifecycle> ; schema:text """AI is treated as both a threat accelerant and a capability, so organizations should threat model AI systems early, protect models and data as high-value assets, and subject AI-generated artifacts to the same review standards as human-authored ones."""@en . <#cyber-resilience-howto> a schema:HowTo ; schema:name "How to strengthen AI-ready cyber resilience now"@en ; schema:about <#ai-ready-cyber-resilience>, <#vulnerability-management>, <#secure-ai-lifecycle> ; schema:isPartOf <#article> ; schema:step <#step-1>, <#step-2>, <#step-3>, <#step-4> ; schema:description """The article describes a practical operating sequence: modernize and reduce debt, know what assets and dependencies exist, accelerate remediation and controls, and treat AI-enabled development and operations with the same or greater security rigor as other critical systems."""@en . <#step-1> a schema:HowToStep ; schema:name "Reduce legacy exposure first"@en ; schema:position 1 ; schema:text "Prioritize software currency, hardware lifecycle replacement, and technical debt reduction with senior-level oversight."@en ; schema:isPartOf <#cyber-resilience-howto> . <#step-2> a schema:HowToStep ; schema:name "Build trustworthy inventory and dependency visibility"@en ; schema:position 2 ; schema:text "Maintain asset inventories, SBOMs, ownership data, business criticality, exposure context, and key SaaS dependency registers."@en ; schema:isPartOf <#cyber-resilience-howto> . <#step-3> a schema:HowToStep ; schema:name "Increase speed of remediation and containment"@en ; schema:position 3 ; schema:text "Continuously scan, patch based on criticality and exposure, speed up change management, filter outbound traffic, and reduce standing privilege."@en ; schema:isPartOf <#cyber-resilience-howto> . <#step-4> a schema:HowToStep ; schema:name "Exercise resilience and secure AI usage"@en ; schema:position 4 ; schema:text "Stress test response plans, validate recovery, segment environments, and apply rigorous security practices to AI systems and AI-generated outputs."@en ; schema:isPartOf <#cyber-resilience-howto> . <#faq-1> a schema:Question ; schema:name "Why does the article say AI changes cyber risk economics?"@en ; schema:text "Why does the article say AI changes cyber risk economics?"@en ; schema:acceptedAnswer <#faq-1-answer> ; schema:isPartOf <#article> . <#faq-1-answer> a schema:Answer ; schema:text "Because AI lets adversaries scale attacks, shrink the time between vulnerability discovery and exploitation, and increase daily threat volume."@en ; schema:isPartOf <#article> . <#faq-2> a schema:Question ; schema:name "What is the article's first strategic priority?"@en ; schema:text "What is the article's first strategic priority?"@en ; schema:acceptedAnswer <#faq-2-answer> ; schema:isPartOf <#article> . <#faq-2-answer> a schema:Answer ; schema:text "The first priority is reducing legacy risk by running current software versions and treating technical debt reduction as an immediate executive concern."@en ; schema:isPartOf <#article> . <#faq-3> a schema:Question ; schema:name "Why are inventory and SBOMs emphasized?"@en ; schema:text "Why are inventory and SBOMs emphasized?"@en ; schema:acceptedAnswer <#faq-3-answer> ; schema:isPartOf <#article> . <#faq-3-answer> a schema:Answer ; schema:text "Because organizations cannot remediate what they do not know exists, and attackers will exploit blind spots before defenders find them."@en ; schema:isPartOf <#article> . <#faq-4> a schema:Question ; schema:name "What does a strong vulnerability management program require?"@en ; schema:text "What does a strong vulnerability management program require?"@en ; schema:acceptedAnswer <#faq-4-answer> ; schema:isPartOf <#article> . <#faq-4-answer> a schema:Answer ; schema:text "Rapid remediation, continuous scanning, tested patches, severity-based SLAs, contextual prioritization, and executive accountability for exceptions."@en ; schema:isPartOf <#article> . <#faq-5> a schema:Question ; schema:name "How should organizations test resilience?"@en ; schema:text "How should organizations test resilience?"@en ; schema:acceptedAnswer <#faq-5-answer> ; schema:isPartOf <#article> . <#faq-5-answer> a schema:Answer ; schema:text "Through tabletop exercises, live simulations, full restoration tests, dependency rehearsals, and disciplined closure of findings."@en ; schema:isPartOf <#article> . <#faq-6> a schema:Question ; schema:name "Why are SaaS and outsourced providers treated as cyber dependencies?"@en ; schema:text "Why are SaaS and outsourced providers treated as cyber dependencies?"@en ; schema:acceptedAnswer <#faq-6-answer> ; schema:isPartOf <#article> . <#faq-6-answer> a schema:Answer ; schema:text "Because outages or compromises at critical providers still become your incident to manage, regardless of where the fault originated."@en ; schema:isPartOf <#article> . <#faq-7> a schema:Question ; schema:name "Why does the article focus so much on patch speed?"@en ; schema:text "Why does the article focus so much on patch speed?"@en ; schema:acceptedAnswer <#faq-7-answer> ; schema:isPartOf <#article> . <#faq-7-answer> a schema:Answer ; schema:text "Because every day between fix availability and production deployment is unnecessary exposure in an environment where exploitation can be automated immediately."@en ; schema:isPartOf <#article> . <#faq-8> a schema:Question ; schema:name "What does outbound filtering protect against?"@en ; schema:text "What does outbound filtering protect against?"@en ; schema:acceptedAnswer <#faq-8-answer> ; schema:isPartOf <#article> . <#faq-8-answer> a schema:Answer ; schema:text "It reduces exposure to software supply chain attacks, command-and-control callbacks, and data exfiltration by constraining production systems' internet access."@en ; schema:isPartOf <#article> . <#faq-9> a schema:Question ; schema:name "How should privileged access change?"@en ; schema:text "How should privileged access change?"@en ; schema:acceptedAnswer <#faq-9-answer> ; schema:isPartOf <#article> . <#faq-9-answer> a schema:Answer ; schema:text "Standing privilege should be removed in favor of vaulted credentials, just-in-time access, MFA, session recording, and aggressive entitlement review."@en ; schema:isPartOf <#article> . <#faq-10> a schema:Question ; schema:name "What is the article's stance on AI-enabled development?"@en ; schema:text "What is the article's stance on AI-enabled development?"@en ; schema:acceptedAnswer <#faq-10-answer> ; schema:isPartOf <#article> . <#faq-10-answer> a schema:Answer ; schema:text "AI should be treated with the same rigor or more than any other critical system, including threat modeling, asset protection, and review of AI-generated outputs before production use."@en ; schema:isPartOf <#article> .