Assume-breach is a security design mindset that treats compromise as possible, even when no alert is active. Instead of trusting the network perimeter, it expects that an attacker may already have some foothold and builds layers that limit what that foothold can do. This makes the model closely related to zero trust, but it is broader than authentication alone: it also covers segmentation, least privilege, logging, recovery, and response readiness.
In practice, assume-breach matters because many attacks succeed after the first access is gained. Phishing, stolen credentials, misconfigurations, and exposed cloud services often give an attacker a starting point, not full control. Defenses built around assume-breach aim to contain that access with strong identity checks, restricted permissions, continuous monitoring, and clear incident playbooks. The goal is not to pretend compromise never happens, but to keep one failure from becoming a full environment takeover.
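To make the containment idea concrete, here is an added Python example (not part of the original text) that computes the blast radius of a single assumed foothold under three constructed designs: a flat network with broad permissions, segmentation alone, and segmentation combined with least-privilege grants. All service names, segments and identities are constructed for illustration.

```python
# Constructed sample environment (not from the original text): service -> network segment.
SEGMENT = {"web-1": "dmz", "app-1": "app", "db-1": "data",
           "backup-1": "data", "admin-jump": "mgmt"}
# Identity each service runs as; compromising a host hands its credential to the attacker.
RUNS_AS = {"web-1": "svc-web", "app-1": "svc-app", "db-1": "svc-db",
           "backup-1": "svc-backup", "admin-jump": "admin"}
# Perimeter-only design: inside the perimeter every segment can reach every other.
ALL_SEGMENTS = set(SEGMENT.values())
FLAT_NETWORK = {seg: ALL_SEGMENTS for seg in ALL_SEGMENTS}
# Assume-breach design: each tier may open connections only to the tier it needs.
SEGMENTED_NETWORK = {"dmz": {"app"}, "app": {"data"}, "data": set(),
                     "mgmt": {"dmz", "app", "data"}}
# Broad permissions: any identity may authenticate to any service.
BROAD_GRANTS = {ident: set(SEGMENT) for ident in RUNS_AS.values()}
# Least privilege: each identity may authenticate only to what its job requires.
LEAST_PRIVILEGE = {"svc-web": {"app-1"}, "svc-app": {"db-1"}, "svc-db": set(),
                   "svc-backup": {"db-1"}, "admin": set(SEGMENT)}


def blast_radius(foothold, network, grants):
    """Return the set of services reachable from one compromised host.

    A hop from host h to host t succeeds only if the network policy allows
    segment(h) -> segment(t) AND an identity already held is granted t.
    Taking t adds its identity, which is how stolen credentials compound.
    """
    compromised = {foothold}
    held = {RUNS_AS[foothold]}
    changed = True
    while changed:  # fixed point: a new credential may unlock hops from earlier hosts
        changed = False
        for src in list(compromised):
            for dst in SEGMENT:
                if dst in compromised:
                    continue
                net_ok = SEGMENT[dst] in network[SEGMENT[src]]
                auth_ok = any(dst in grants[ident] for ident in held)
                if net_ok and auth_ok:
                    compromised.add(dst)
                    held.add(RUNS_AS[dst])
                    changed = True
    return compromised


if __name__ == "__main__":
    designs = [("flat network, broad grants", FLAT_NETWORK, BROAD_GRANTS),
               ("segmented, broad grants", SEGMENTED_NETWORK, BROAD_GRANTS),
               ("segmented, least privilege", SEGMENTED_NETWORK, LEAST_PRIVILEGE)]
    for label, net, gr in designs:
        print(f"{label:28} -> {sorted(blast_radius('web-1', net, gr))}")
```

Starting from the web tier, the flat design exposes all five services, segmentation alone still exposes four, and segmentation plus least privilege holds the foothold to three; the same function also shows why a management host with broad grants is the identity to protect hardest.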