Cyber risk has entered a new era: one defined not just by scale, but by speed.
Across the payments ecosystem, fraud and cyber threats are no longer isolated problems. They are deeply interconnected, dynamic, and increasingly powered by AI. Attacks are becoming more complex, more accessible, and more effective, fuelled by everything from social engineering to AI-generated deepfakes and automated attack tooling.
The implication is clear: traditional approaches to cybersecurity built around periodic testing and reactive controls are necessary but no longer sufficient.
The shift: From finding vulnerabilities to closing them faster
For years, cybersecurity programs have focused on discovering vulnerabilities. Today, that is no longer the constraint.
With frontier AI models, vulnerabilities can now be identified at unprecedented speed and scale. Initiatives like Project Glasswing¹, which brings together leading enterprises to test advanced AI models such as Claude Mythos, demonstrate how rapidly this capability is evolving.
This progress, however, shifts the nature of the challenge.
The real differentiator is no longer detection; it is how quickly organisations can validate, adapt, and remediate.
In other words, resilience is now defined by how fast organisations can adjust effectively to new changes or threats. In cybersecurity, we call it the “Mean Time to Adapt”.
Organisations that fail to close the gap between detection and remediation will struggle to keep pace in an environment where attackers are continuously learning, automating, and scaling their efforts.
Seeing earlier: Cyber signals before fraud losses
A critical insight emerging from both Visa’s experience and broader industry data is that fraud is rarely the starting point.
Cyber signals such as compromised credentials, phishing infrastructure, and account takeover attempts almost always precede financial loss. The challenge is that many organisations detect these signals too late or lack the ability to distinguish meaningful signals from noise.
This is why cybercrime is increasingly shifting “left” in the customer journey, occurring well before a transaction ever takes place. 68% of organisations have likely experienced an AI-powered cyber attack in the past year².
A new model for cyber defense: Continuous, AI-driven validation
Visa’s work through Project Glasswing reflects a broader industry transition, from periodic testing to continuous, AI-driven validation.
At the center of this shift is the Visa Vulnerability Agentic Harness (VVAH)³, an open-source framework designed to help organisations operationalise frontier AI in cyber testing.
Importantly, this is not tied to a single model or provider. It is deliberately model-agnostic, reflecting a future where multiple frontier AI systems coexist across the ecosystem.
This enables organisations to:
- Continuously identify and validate vulnerabilities across their environments
- Automate testing workflows using AI agents
- Improve speed of remediation and adaptation
- Build internal capability rather than relying solely on external assessments
The goal is simple: move from episodic assessments to always-on resilience.
Beyond tools: A three-tier approach to cyber resilience
While building internal capability is foundational, it is only part of the solution.
Leading organisations are adopting a layered approach that combines internal visibility, external intelligence, and customer-level protection:
1. Internal visibility — “Help yourself”
Open frameworks like VVAH empower organisations to continuously test and strengthen their own environments using AI-driven validation.
2. External intelligence — “Visa helps you”
Platforms like the Visa Threat Intelligence Platform (VTIP) provide enriched, real-time intelligence—connecting proprietary data, external signals, and ecosystem insights to surface actionable risks.
This allows organisations to detect threats beyond their perimeter, including third-party vulnerabilities and emerging attack infrastructure.
3. Customer protection — “Help your customers”
Advanced analytics solutions help detect and prevent fraud at the end-user level, protecting against account takeover and unauthorised activity.
Together, this creates a comprehensive defense model that spans:
- Internal systems
- External threat landscape
- Customer interactions
Breaking down silos: The convergence of cyber, fraud, and risk
One of the most important structural shifts underway is the convergence of cyber, fraud, and financial crime disciplines.
Historically managed in silos, these domains are now deeply intertwined:
- Cyber attacks increasingly drive downstream fraud losses
- Fraudsters exploit gaps between disconnected systems
- Organisations face mounting operational complexity and cost
Future-ready systems must be:
- Interconnected — linking signals across the entire lifecycle
- Adaptive — evolving in real time as threats change
- AI-powered — augmenting human decision-making with speed and scale
- Outcome-driven — focused on reducing losses and improving customer experience
Visa’s own evolution, from transaction-level protection to proactive cyber prevention, reflects this shift toward integrated, intelligence-led security. Through connected intelligence and clearer decisions, USD38 billion has been saved in fraud in FY25⁴ and over USD203 billion blocked from enumerated transactions in 2024⁵.
The bigger picture: Giving back to the ecosystem
Perhaps the most significant aspect of this transformation is not just technological; it is collaborative.
By open-sourcing capabilities like VVAH and sharing learnings from initiatives like Project Glasswing, Visa is contributing to a broader industry goal: raising the collective resilience of the ecosystem.
In a world where attackers collaborate, scale, and innovate rapidly, defensive strategies must do the same.
What this means for leaders
For CISOs, risk leaders, and fraud executives, the implications are immediate:
- Shift focus from detection to speed of adaptation
- Invest in continuous validation, not point-in-time testing
- Break down silos between cyber, fraud, and risk teams
- Leverage both internal capability and external intelligence
- Align security strategy with business outcomes at the board level
The organisations that succeed will not be those that find the most vulnerabilities, but those that can adapt to them the fastest.
Visa’s Risk and Security Intelligence Solutions (RAS) are uniquely positioned to help clients translate these insights into tangible outcomes, combining frontier AI learnings with real-world experience operating at global scale.
We invite clients to partner with us to:
- Build internal cyber resilience capabilities
Leverage frameworks like VVAH to move from periodic testing to continuous, AI-driven validation within your own environment.
- Gain clarity from the noise with actionable intelligence
Harness platforms like VTIP to connect external threat signals with internal risk exposure—enabling earlier detection and faster intervention.
- Strengthen end-to-end protection across the lifecycle
Integrate cyber, fraud, and customer protection strategies to close gaps and reduce downstream losses.
- Accelerate your cyber maturity journey
Through executive briefings, practitioner training, and cyber maturity assessments, RAS helps define a clear roadmap aligned to your organisation’s risk posture and business priorities.
- Engage holistically across cyber, fraud, and risk leadership
Bring together CISO, fraud, and risk stakeholders to align around a unified, outcome-driven strategy.
As cyber threats become faster, more adaptive, and increasingly AI-driven, resilience will be defined by how quickly organisations can learn, adapt, and respond.
³ VVAH
⁴ VisaNet data July 2024 – June 2025. Estimated based on aggregated analysis of Visa Advanced Authorization (VAA) using VisaNet, ChaseNet, and select third-party network data for Network Security Analytics (NSA). Results are illustrative, actual outcomes may vary.
⁵ Annual Identity Fraud Report by Visa 2024.