Tuskira has launched Kairo, a new breach modeling capability that uses security data mesh and digital twin technology to uncover deep, hidden attack paths. Kairo enables security teams to model how attackers could use emerging AI models to move laterally across cloud, IT, and OT environments, exposing complex kill chains and validating whether existing security controls can be bypassed without detection by SOC teams. The platform is designed to identify exploitable attack paths, reveal involved entities, and help organizations reduce their attack surface.
Frontier AI models such as Anthropic’s Mythos show the scale of the change: in a 7-week internal eval, the model autonomously found 2,000+ zero-day vulnerabilities and generated working exploits, roughly 30% of the world’s annual zero-day output, from one model. The shift that matters isn’t “more vulns”; it’s that discovery and exploitation are now happening in the same autonomous loop, and equivalent capabilities will reach adversaries.
Unlike approaches that evaluate vulnerabilities, alerts, identities, or cloud misconfigurations in isolation, Kairo reasons across the full environment. It maps cross-domain breach paths across identity, endpoint, cloud, workload, network, exposure, and control data; identifies which paths remain open; and gives SecOps teams the context needed to improve detection, response, and control decisions before those paths become incidents.
Kairo addresses threats driven by frontier models like Mythos by showing whether newly disclosed or AI-discovered zero-days create “Breachable” breach paths in the customer’s environment. Kairo further validates whether deployed defenses reduce or block those paths, shows where detection coverage is missing, and recommends or orchestrates the control action that breaks the chain through existing tools.
Kairo models identity, cloud, workload, endpoint, network, exposure, and control data into a live digital twin of the customer environment. It continuously simulates breach paths to crown-jewel assets, including east-west movement, cross-cloud pivots, identity-to-cloud escalation, insider activity, and workload-to-data paths. It then determines which paths are blocked or reduced by deployed defenses and identifies the highest-leverage control action to break the chain through tools such as firewalls, EDR, IAM, WAF, SIEM, and cloud controls, with analyst approval where policy requires.
“Security teams have findings, controls, alerts, and detections, but they still struggle to see which breach paths remain open across the environment,” said Piyush Sharrma, CEO and Co-founder of Tuskira. “Kairo changes that. It’s breach modeling all kinds of paths attackers can actually use, and helps disrupt the chain. We’re helping security teams move from counting findings to building breach resilience.”
Kairo is designed for the reality that attackers don’t respect tool boundaries. A suspicious identity event, an endpoint pivot, a cloud trust relationship, an exposed workload, and unusual data movement may look routine in isolation. Chained together, they become a breach path. Kairo surfaces those toxic combinations across domains and helps teams close the path through the security stack they already operate.
Kairo introduces four core capabilities:
- Unified Breach Path Graph: Fuses identity, endpoint, cloud, workload, network, exposure, control, detection, and business context into a single graph, without requiring SIEM migration or full log centralization.
- Cross-Domain Path Computation: Continuously evaluates exploitability, privilege, east-west movement, network reachability, cross-cloud access, insider risk, and business criticality to determine which paths can actually reach crown-jewel assets.
- Residual Path Detection: Identifies breach paths that remain open after existing controls and detections are considered, including paths created by ordinary signals that become dangerous only when chained together.
- Highest-Leverage Control Action: Recommends or orchestrates firewall, IAM, WAF, SIEM, EDR, or cloud-control changes that break multiple paths through a shared control point, with analyst approval where policy requires.
In Tuskira deployments, Kairo has deprioritized up to 99% of scanner findings as unreachable, recomputed path maps in minutes as environments change, and helped SecOps teams focus investigation and response on the smaller set of paths that remain exploitable, insufficiently detected, or insufficiently controlled.
“2026 is the year attackers are moving from AI-assisted activity to AI-enabled operations, and defenders need to adapt,” said Charles Gifford, CISO of Intrado. “That’s why Intrado partnered with Tuskira.”