In vulnerability management programs, it has been assumed that defenders will have adequate time to evaluate newly disclosed flaws, prioritize remediation efforts, and deploy patches prior to large-scale exploitations occurring. This assumption is rapidly becoming obsolete.
Artificial intelligence is increasingly being utilized by threat actors to compress every stage of the attack lifecycle from vulnerability discovery to proof-of-concept to automated weaponizing to mass exploitation.
Organizations are finding themselves caught between escalating pressures to patch faster and the operational realities of maintaining critical systems while exploitation timelines continue to shrink.
A security team's challenge is no longer just identifying vulnerabilities, but managing risks in an environment in which attackers can quickly progress from disclosure to exploitation within hours, often faster than traditional remediation mechanisms can respond. The scope of this challenge is becoming increasingly difficult to ignore.
Even though patch management remains a fundamental security control, the increasing volume of vulnerabilities being discovered is forcing IT organizations to acknowledge the limitations of relying solely on remediation speed to prevent security breaches.
When Anthropic reported, in May 2026, that Project Glasswing, in collaboration with nearly 50 industry partners, utilized Claude Mythos Preview to uncover more than 10,000 critical- and high-severity vulnerabilities in widely used and systemically important software within a single month through its use of Claude Mythos Preview, a tool developed by Claude Mythos.
Several internal research programs are confirming similar outcomes, demonstrating how artificial intelligence is allowing security flaws to be identified and validated at a much faster rate, despite the fact that this shift is not limited to defenders and software vendors.
In addition to simplifying vulnerability analysis and rapidly reproducing revealed vulnerabilities, threat actors are able to reduce the time it takes to operational exploitation by utilizing the same AI-driven capabilities. Thus, security imbalances are no longer solely determined by patching delays, but rather by the unprecedented speed with which both legitimate researchers and adversaries can utilize newly discovered weaknesses to accomplish their objectives.
The growing concern is also beginning to shape national cybersecurity strategy. CERT-In recently released its Blueprint on Reducing Exposure and Protecting Digital Infrastructure against Artificial Intelligence-Assisted Vulnerabilities Exploitation, which recognizes that Artificial Intelligence fundamentally alters the economics and speed of cyber operations.
Specifically, the guidance discusses how artificial intelligence is facilitating adversaries' identification and weaponization of vulnerabilities, exposed internet-facing services, insecure APIs, weak identity controls, misconfigurations, and software supply chain vulnerabilities in an increasingly interconnected enterprise environment by identifying and weaponizing vulnerabilities.
As AI-assisted attacks accelerate multiple stages of the cyber kill chain, including reconnaissance and exploitation, lateral movement, and data exfiltration, CERT-In indicates, traditional security models are becoming increasingly difficult to maintain in response.
According to the framework, continuous exposure management, adaptive defense mechanisms, and resilience-driven cybersecurity operations should be replaced by periodic assessments and reactive remediation.
This blueprint advocates the implementation of AI-enabled, intelligence-led security programs that are capable of continuously validating defenses across stakeholders, endpoints, networks, applications, cloud platforms, operational technology environments, and evolving AI systems.
As part of the strategy, the company places significant emphasis on strengthening governance, ensuring executive accountability, providing proactive threat hunting, ensuring incident response readiness, and reducing exposure by enhancing attack surface management and continuing security validation.
Additionally, CERT-In emphasizes the importance of securing software supply chains, cloud ecosystems, artificial intelligence models, and third-party dependencies as a result of ongoing assurance activities such as audits, adversarial testing, red teaming, and independent assessments.
Further, the guidance emphasizes that effective defense against AI-based exploitation will require more than just technical measures, but also coordinated threat intelligence sharing, collaborative response efforts, and sustained cooperation between organizations, cybersecurity communities, and national cyber authorities.
There are, however, practical limitations in eliminating risk at the speed modern threats require that go beyond identifying risk.
The exploitation timeline has steadily contracted for years, but artificial intelligence adoption is increasing this trend to the point where newly disclosed vulnerabilities can attract active exploitation attempts within hours of public disclosure due to its increasing adoption.
As attackers increasingly utilize automated workflows and highly scalable workflows, remediation processes continue to be hampered by business continuity requirements, testing cycles, change management procedures, regulatory requirements, and the complexity of modern enterprise environments.
Across the industry, this disparity has become increasingly pronounced.
The Verizon Data Breach Investigations Report 2026 (DBIR) indicates that the median remediation time for critical vulnerabilities increased from 32 days to 43 days over the past three years, illustrating the growing gap between organization response capability and exploitation speed.
With regulators such as CERT-In advocating more aggressive remediation timelines for critical vulnerabilities as well as sub-day patching expectations, security leaders are faced with balancing the need for urgency with the needs of operational stability. The emerging reality is that some vulnerabilities will inevitably be targeted prior to the completion of full remediation.
The effectiveness of cyber defense cannot be solely assessed by the pace at which patches are deployed, but also by an organization's ability to limit exposure, contain exploitation opportunities, and maintain resilience during the period between vulnerability disclosures and remediation. As a result, automation is increasingly becoming regarded as a prerequisite rather than an enhancement to modern security operations against this backdrop.
CERT-In focuses its efforts on continuous monitoring, verification, and adaptive defense, reflecting a broader industry recognition that manual security workflows cannot cope with the scale and velocity of AI-driven threats.
Ruvala commented that traditional operating models based on human analysis and response are becoming increasingly unsustainable as security teams contend with an expanding attack surface, growing number of vulnerabilities, and a constant flow of alerts and telemetry generated across distributed environments.
It is no longer feasible for security events to be manually investigated and prioritized under such circumstances.
The use of artificial intelligence-enabled security platforms is therefore being increased for the purpose of accelerating threat detection, coordinating activities between disparate systems, automating investigative processes, and determining the priority of remediation efforts based on real-time risk exposure.
In light of adversaries' use of artificial intelligence to accelerate reconnaissance, vulnerability identification, and active exploitation, these capabilities are becoming increasingly important.
To achieve better response effectiveness at scale, Ruvala believes the industry is shifting toward platform-centric, increasingly autonomous Security Operations Center (SOC) models with artificial intelligence, automation, and unified visibility.
Unless these levels of operational augmentation are in place, most organizations will remain challenged to meet the rapid remediation and response timeframes now expected by regulators, business leaders, and threat realities alike.
Increasingly, artificial intelligence is becoming increasingly influential when it comes to vulnerability discovery and exploitation, reshaping long-held assumptions about cyber security.
As the gap between vulnerabilities being disclosed and actively exploited narrows, organizations are being forced to acknowledge that remediation alone is no longer sufficient to protect against malicious attacks.
As threats evolve rapidly, the challenge is not simply responding faster, but developing security programs that continuously identify vulnerabilities, validate controls, prioritize risks, and adapt accordingly.
As adversaries and defenders have increasingly powerful AI capabilities available, the ability of organizations to effectively combat the next generation of cyber threats will be determined by resilience, visibility, and operational agility.
.jpg "The Growing Threat of AI-Driven Exploitation in Vulnerability Management")
.jpg)
