Automated Moving Target Defense

Blinding and Outmaneuvering the AI Threat

Tom McNamara

April 8, 2026

Hopr's Cloud Native AMTD is n effective defense that neutralizes AI-driven threats

Why AI’s Machine-Speed and Comprehension Demand Cloud Native AMTD

The enterprise cybersecurity landscape experienced a sea change. In a leaked memo regarding their upcoming AI model "Mythos," Anthropic explicitly warned that the next wave of AI models will "exploit vulnerabilities in ways that far outpace the efforts of defenders." Industry experts, including cybersecurity CEOs, are publicly calling the arrival of autonomous "agentic attackers" a literal watershed event. These AI agents can scan, identify, and exploit vulnerabilities persistently and instantly—at a scale no human team can match. With the disclosure of Anthropic’s "Claude Mythos" model, the industry was put on notice: we are no longer defending against human adversaries executing scripted attacks. We are defending against autonomous AI agents that possess the capability to read code, analyze environments, and execute responses at machine speeds.

For Chief Information Security Officers (CISOs), this fundamentally rewrites the rules of engagement. Traditional defenses are built on the assumption that an attacker needs time—time to perform reconnaissance, time to read open API endpoints, time to test business logic, and time to develop an exploit. Agentic AI compresses that timeline to near-zero.

To win this race, we cannot simply deploy faster detection tools. We must offset the AI's speed advantage by denying it the very knowledge it needs to operate. We must outmaneuver the threat by implementing a defense where authorization is baked into the architecture by design, rendering our critical workloads entirely invisible to machine-speed reconnaissance.

The AI Advantage: Reading Code and Exploiting Logic

To understand the severity of the AI threat, we must look at how an autonomous agent attacks an enterprise. When an AI targets a modern cloud environment, it looks for application programming interfaces (APIs). APIs are workload endpoints with a specific URL address that allows different software applications to connect, communicate, and exchange data.

Traditional API gateways and perimeter defenses leave these endpoints functionally exposed. While they may require an API key, the endpoint itself is "listening." An AI agent can send probes, read the resulting error codes, analyze the API's structure, and map the underlying code logic at lightning speed. It leverages its vast training data to instantly correlate an API's behavior with known vulnerabilities.

If your defense relies on post-breach detection or static API gateways, the AI has already won. By the time a traditional security tool logs an anomaly, the AI has read the code, tested the authentication mechanism, exploited a vulnerability, and moved laterally. You cannot outrun an adversary that can read your playbook instantly.

The Foundation of Hopr’s AMTD: Authorization by Design

Automated Moving Target Defense (AMTD) has been recognized by cybersecurity defense analysts as “the future of cyber.” And there are multiple methods used to produce an AMTD. But to defeat an AI that relies on reading and responding, you must sever its ability to interrogate your network. This requires an architectural shift from reactive detection to proactive threat rejection. And there is only one AMTD solution on the market that can do that.

This is the exact capability delivered by the Korvette-S Workload Security Proxy (WoSP). The WoSP is a small lightweight add-on software module that operates as a "sidecar" to containerized application or IoT workloads. Unlike traditional networking proxies, the WoSP is built on a framework of "authorization by design."

Instead of allowing traffic to reach the API endpoint and then checking for authorization, the WoSP mandates strict authorization by design at the time of deployment to set the foundation for access control at the transport and application layers before a single byte of application data is processed. This authorization capability is anchored in runtime by a unique mechanism: authentication by two ephemeral credentials.

Authentication by Two Ephemeral Credentials

Traditional systems rely on long-lived Public Key Infrastructure (PKI) certificates or static API keys—credentials that assume implicit trust and give AI attackers a static target to steal and reuse. Hopr replaces this vulnerable framework with two distinct, dynamic credentials that work in tandem:

1. The Ephemeral Identity Credential (MAID™) First, the WoSP's identity manager manages a "cert-free" workload identity credential (a Machine Alias ID we call it a MAID™) that is initially provided by Hopr. Hopr operates an Observability Plane that can see a workload's MAID™ credential each time a communication session begins, and a Verifier will verify its identity trust. This ensures that identity is never assumed; it is cryptographically proven before a connection is fully authorized.

2. The Ephemeral Secret Credential (CHIPS™) Second, the WoSP controls the cryptographic secret. Hopr WoSPs start a communication session by generating strong ephemeral and symmetric encryption keys using Hopr's novel Codes Hidden In Plain Sight (CHIPS™) technology. Two WoSPs configured to use the same CHIPS™ algorithm will generate the key if their algorithms run at nearly the same time. Because the key is generated at both endpoints, there is no key exchange.

By requiring both an explicitly verified MAID™ identity and a synchronously generated CHIPS™ secret, Korvette-S establishes an unpredictable fortress of authentication that no external AI can spoof, steal, or bypass.

Blinding the AI: Impeding Machine-Level Knowledge

The true power of "authorization by design" is how it interacts with Hopr's Synchronous Ephemeral Encryption (SEE™) protocol. CHIPS™ keys are used in the SEE™ protocol to build a bi-directional, end-to-end-encrypted communication channel between two trusted workloads.

When an AI agent attempts to probe an API protected by Korvette-S, it sends a payload. However, because the AI does not possess the correct CHIPS™ algorithm to generate the exact ephemeral symmetric key, its payload is improperly encrypted.

The WoSP immediately discovers untrusted access attempts because their messages will fail SEE™ decryption. The WoSP rejects all unauthorized access attempts. All untrusted ingress messages fail decryption, are logged, and immediately discarded without a response to the sender.

From the perspective of the AI agent, the endpoint they probe does not exist. They get nothing. There are no error codes to parse, no business logic to reverse-engineer, and no open ports to map. The AI's ability to read code and respond is completely neutralized.

This is how we defeat machine-speed comprehension and speed. Enterprises can rely on successful decryption of authorized messages that are ephemerally encrypted to authenticate the sender. 

Motion as the Ultimate Neutralizer

Because the Korvette-S WoSP utilizes authorization by design and authentication via two ephemeral credentials, Hopr's Cloud Native Automated Moving Target Defense (AMTD) is the ultimate AI neutralizer.

With the AI effectively blinded, Hopr puts the authorized credentials into continuous motion. The two credentials (identity and secret) control the access to their host workload and autonomously hop at a high frequency. The MAID™ identity credential for a workload and the ephemeral symmetric E2EE key both hop (rotate) based on a communication session.

Even if an AI agent were to somehow observe a legitimate transaction, the credentials it witnesses are already dead. This makes it nearly impossible for a threat to discover and abuse them via an attack. AMTD automatically changes or obfuscates something a threat actor needs to launch an attack so that it cannot be discovered, or if discovered, it cannot be used before it changes to a new value.

Fulfilling the Zero Trust Mandate

Enterprise security leaders are under immense pressure to adapt to this new era of agentic threats while simultaneously maintaining regulatory compliance. The US Office of Management and Budget (OMB) mandated the verification of identity trust at every transaction. The MAID™ meets the OMB Zero Trust Strategy mandate for "continual verification of each... transaction", which is not possible with automated PKI certs used today.

We can no longer afford to deploy security architectures that feed information to our adversaries. AI attackers thrive on static environments, open APIs, and long-lived credentials. They win by reading our code faster than we can patch it.

To secure the enterprise, we must outmaneuver the threat. By deploying the Korvette-S WoSP, organizations implement true authorization by design. We deny the AI the knowledge it seeks, authenticate every transaction with ephemeral credentials, and keep the target in constant motion. In the race against machine-speed attacks, blinding the adversary and outmaneuvering their speed is the only way to win.

Keep Reading

From Glass Cases to Ephemeral Access

The recent Louvre Crown Jewels heist is a perfect metaphor for enterprise cybersecurity failures. Cameras, alarms, and guards didn’t stop the theft — predictable routines, unchecked access, and unverified trust did. Enterprises face the same problem: long-lived credentials, over-permissioned APIs, and siloed monitoring create blind spots that attackers exploit to steal data, IP, and secrets. Static defenses aren’t enough. Just like museum staff relied on routines and assumed trust, cybersecurity teams often assume certificates, firewalls, and segmentation are sufficient. But attackers don’t follow the rules — and neither should defenses. Hopr.co solves this with ephemeral trust. Workloads continuously verify identity via WoSP, identities rotate automatically with MAID™, communications stay secure with SEE™, and secrets hop dynamically with Cloud Native AMTD.

Author Avatar
Tom McNamara

November 14, 2025

Beyond the Locked Front Door - ZTNA

Industry data shows that the vast majority of breaches occur on "trusted" and "allowed" connections. Is your ZTNA solution just a locked front door, leaving all the internal doors wide open for attackers to roam freely? The "allow and ignore" model of ZTNA 1.0 is a recipe for disaster. It's time to move beyond session-based trust. Learn about "Zero Trust by the Transaction"—a new paradigm that continuously verifies trust for every single API call and workload interaction, stopping lateral movement and insider threats cold.

Author Avatar
Tom McNamara

November 14, 2025

Runtime Microsharding Shrinks the Enterprise Attack Surface

Enterprises a challenged to defend their ever-growing attack surface. Complexity, Zero Days, and static network configurations make a target rich environment for increasingly sophisticated threats. Conventional defenses seem to have reached a ceiling of effectiveness. But a new Cloud Native AMTD is an active cyber defense that microshards the attack surface in to many small pieces and animates them so that attackers are confused in targeting application workloads.

Author Avatar
Tom McNamara

July 16, 2025

Proxies in the Cloud: Managing Traffic and Securing A Digital World

Proxies are common software designs that are widely used to abstract repetitive code and simplify a software architecture or code development. While they come in different types and are used for different purposes, the use of proxies for communications management is common, but many people may not know that security functions can also be proxied. In this article, I explain a novel and powerful new proxy – a Workload Security Proxy – that decentralizes access credential management to dramatically improve security and shrink the attack surface of digital enterprises.

Author Avatar
Tom McNamara

June 5, 2025

AMTD and Zero Trust in a Single Solution: The WoSP

Enterprise CISOs are challenged to find cost savings without compromising security. As cyber threat sophistication increases and overcomes conventional defenses, Zero Trust becomes an important cosideration for security architectures and compliance. A new option has arrived that combines AMTD with Zero Trust principles to deliver stronger security and cost savings for CISOs.

Author Avatar
Tom McNamara

June 5, 2025

A Short History of Moving Target Defense

Automated Moving Target Defense (AMTD) is emerging in the cybersecurity market as a new form of moving target defense (MTD). Not many people know that MTD is not new. It has been used effectively in communications security and information security for over 50 years before it appeared as a cybersecurity strategy. Today’s AMTD is a generational improvement over MTD, even the MTD from just a few years ago. The latest forms of AMTD are built for the cloud and are far more sophisticated than their predecessors. One new form even combines AMTD with Zero Trust to produce a strategic combination that amplifies the cybersecurity benefits at a relatively low cost.

Author Avatar
Tom McNamara

June 5, 2025

Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Case StudiesHow It WorksUnique FeaturesZero Trust - AMTD ProductsPricingContact usSecurityWeb Retriever OSSAboutPrivacy policiesTerms of service
Hopr provides true Zero Trust access control for workloads and APIs, powered by a Cloud Native Automated Moving Target Defense.

We use ephemeral machine identities, credential hopping, and application-layer post quantum end-to-end encryption of data in transit.

And Hopr verifies identity trust at every API transaction and eliminates the risks from static credentials across clouds, clusters, and organizations.
Copyright 2021-2025 | Hopr Corporation
CHIPS™, MAID™, SEE™, Lane7™, and Runtime Microsharding™
are trademarks of Hopr Corporation
CHIPS™ and MAID™ and SEE™ and Cloud Native AMTD
are protected by US Patents and patents pending.