The Rise of CTEM - Why AI Demands a New Approach to Security

razorthorn logo
Razorthorn Security
Apr 8, 2026
Razorthorn

What happens when your organisation adopts AI faster than your security strategy can keep up?

Welcome to Razorwire, the podcast where we share our take on the world of cybersecurity with direct, practical advice for professionals and business owners alike. I’m Jim and in this episode, I’m joined by Martin Voelk, penetration tester and AI red teamer, and Jonathan Care, lead analyst covering the intersection of AI, cybersecurity and identity.

We started out planning to talk about the rise of CTEM (Continuous Threat Exposure Management) and why traditional pentesting and vulnerability scanning can’t keep up anymore. But the conversation quickly went further than that, into the real security risks of AI agents, prompt injection, vibe coding and the speed at which organisations are adopting AI without thinking about what happens when it goes wrong.

Martin shares examples from his red teaming work of how AI agents can be tricked into exfiltrating data and executing malicious code, Jonathan makes the case for why identity needs to become a first class attack surface in any CTEM programme, and all three of us end up genuinely concerned about what happens when CISOs are expected to govern technology that’s moving faster than anyone can keep up with. This one ended up not going quite as planned, and it’s all the better for it.

Three key talking points:

  • Why traditional security testing can’t keep up with AI and agent-driven attacks
  • How prompt injection and invisible exploits are rewriting the rules of risk
  • What CISOs and tech leaders must face as responsibility and risk escalate

If your organisation is adopting AI and your security model hasn’t changed to match, this is a conversation worth listening to.

On why traditional security testing no longer works:
“You have new releases and new technology popping up almost on a daily basis. And you have vulnerabilities popping up on a daily basis as well. The traditional model we have in place with regular penetration testing, once every three months, once every year, that doesn’t cut it anymore.”
Martin Voelk

Listen to this episode on your favourite podcasting platform:
(https://razorwire.captivate.fm/listen)

In this episode, we covered the following topics:

  • The Acceleration of AI Adoption
  • Continuous Threat Exposure Management (CTEM) Evolution
  • Limitations of Traditional Security Testing
  • The Changing Nature of Exploits
  • Prompt Injection Risks
  • Agentic AI and Chained Attacks
  • Visibility and Explainability
  • Supply Chain and Third-Party AI Concerns
  • Identity as the New Attack Surface
  • Regulatory and Legal Accountability

For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.
If you need consultation, visit (https://www.razorthorn.com). We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.

Follow us online:
LinkedIn: (https://www.linkedin.com/company/razorthorn-security)
YouTube: (https://www.youtube.com/c/RazorthornSecurity)
TikTok: (https://www.tiktok.com/@razorwire.podcast)
Instagram: (https://www.instagram.com/razorwire.podcast)
X: (https://x.com/RazorThornLTD)
Website: (https://www.razorthorn.com)

Copyright © 2026 OpsMatters™. All rights reserved.