Don Schuerman, CTO and Head of Marketing, Pegasystems.getty​Every few years, an industry-shaking event jolts even the most change‑averse organizations to look up from their road maps and ask an uncomfortable question: Are we still relying on yesterday’s solutions to fight tomorrow’s battles?​​The latest warning shot comes from headlines around Mythos, a new AI model from Anthropic reportedly so powerful that its creators are slowing its rollout amid concerns it could be weaponized by cybercriminals to probe, attack and infiltrate enterprise IT systems. But whether Mythos itself proves to be the tipping point almost doesn’t matter. The signal is loud and clear: The balance of power is shifting rapidly toward attackers who can move at machine speed.​For companies still relying on aging legacy systems, I believe this is more than just another security scare.​The new Y2K is already here.Many are already drawing comparisons to Y2K, and for good reason. In the late 1990s, organizations scrambled to fix a seemingly small flaw in their code before the calendar flipped to the year 2000. The fear wasn’t theoretical. If systems failed, planes could be grounded, power grids disrupted and financial systems thrown into chaos. Companies spent billions patching, testing and praying.​ We avoided disaster, but mostly by duct‑taping the past.​Fast forward to today, and the parallels are striking. There are still tens of thousands of organizations with active Lotus Notes installations in the wild. Major banks, governments and insurers continue to rely on COBOL mainframes written decades ago. Then there’s Oracle Forms, Windows Servers, SAP EEC—the list goes on.​Sure, these systems are stable, but stability is not the same thing as resilience. They were never designed to operate in a world where attackers can use generative AI to analyze APIs, reverse‑engineer workflows or test exploits thousands of times per minute.​This is what I've come to see as the uncomfortable truth: Legacy systems have become the soft underbelly of modern enterprises.​The instinctive response is familiar. Patch the vulnerability, add another security layer and write compensating controls. In other words, plug the leaks with our fingers and hope the dam holds.I don't believe that approach will work anymore.​ One‑off patching assumes a static threat model. AI‑driven attackers are anything but static. They learn, adapt and iterate faster than any human security team can respond. Treating this like a traditional upgrade cycle is like bringing a squirt gun to a drone fight.​What’s needed now is not incremental repair, but enterprise-wide reimagination.​ That doesn’t mean ripping everything out overnight. It means fundamentally rethinking how systems are designed, how work flows across the enterprise and how humans and machines collaborate. It means shifting the focus from “How do we protect this old process and squeeze a little more life from it?” to “If we were building this today, knowing what we know now, what would it look like?”​Ironically, the same AI revolution empowering attackers can help turn defense into offense, if used the right way.​There’s a lot of buzz around “vibe coding,” where generative AI spits out applications or scripts based on a prompt. That’s exciting, and in many cases genuinely useful. It’s not surprising that the power users of AI coding are experienced engineers. Their skills are still needed to avoid subtle errors, security flaws or brittle logic that collapsed under real‑world conditions. Without the right guardrails, entire business systems can be wiped out in seconds. When AI writes code faster than teams can fully understand or validate it, speed becomes a liability.​But we can do better than just rewrite existing systems faster. AI can help organizations ideate new operating models, suggest better workflows and redesign processes to harness the power of agents, all before a single line of production code is written. AI can surface bottlenecks, identify redundant steps and suggest entirely new ways of delivering outcomes that legacy architectures simply can’t support. It can operate not just in code but in a visual language that business and IT experts can understand.​In other words, we can use AI not just to build faster, but to think better.​Patching the past won’t protect the future.This is where legacy transformation can finally break free from its reputation as a slow multiyear slog. With the right approach, enterprises can more readily explore modernization scenarios. They can pressure‑test ideas digitally before committing millions of dollars, and they can modernize in a way that reduces risk rather than compounding it.​​Yes, criminals are moving fast with AI, but so can the rest of us. Y2K taught us that waiting until the last minute is expensive and dangerous. Patching the past won’t protect the future. The organizations that thrive in the age of AI will be the ones that stop asking how to preserve legacy systems and start asking how to outgrow them.​​Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?