The Vulnerability Disclosure Paradox: Why Faster Patching Can’t Outrun AI-Generated Attacks
For decades, patch management ran on one assumption: move fast enough and you beat the attackers. Mandiant’s M-Trends 2026 Report shows that race is over. The average vulnerability now gets exploited seven days before a fix even exists.
The contrast with the recent past is stark. In 2018, defenders had about two months after a vulnerability went public before anyone tried to exploit it — time to test a patch and roll it out before anyone came knocking. That window has now gone negative.
CrowdStrike’s 2026 Global Threat Report backs this up, finding that 42% of exploited vulnerabilities were attacked before they were even publicly disclosed.
I sat down to discuss these findings with Jason Garbis, founder of Numberline Security and co-chair of the Zero Trust Working Group at the Cloud Security Alliance, for a recent episode of The Segment podcast.
Once a vulnerability becomes public knowledge, he argued, attackers no longer need to hunt for the flaw at all. The disclosure itself hands them a blueprint, and building an exploit from a published advisory takes far less work than finding the weakness from scratch.
That shift is why the security industry’s long obsession with patching speed is chasing the wrong finish line. The teams that hold up under this new timeline share one trait. They assume they will get breached somewhere between disclosure and patch, and they have already limited how far that breach can travel.
When the patch advisory becomes the attacker’s blueprint
Every responsible disclosure process exists for a good reason.
Vendors need to tell customers what’s broken so they can fix it, and regulators increasingly require it. But that same transparency now works both ways.
The moment a CVE goes public, attackers don’t need to reverse engineer a mystery. They need only read the advisory. Then they compare the patched code against the vulnerable version. From that difference, they can build a working exploit.
Research from the Cloud Security Alliance’s AI Safety Initiative shows how far this process has already been automated. Multi-agent AI systems built to reproduce disclosed vulnerabilities have recreated roughly half of all CVEs published in the last two years, many complete with working exploits, at an average cost of under $3 per attempt.
What used to require a skilled reverse engineer and days of quiet effort now happens for pocket change. It takes about as long as reading the advisory twice.
This is the mechanism Jason and I discussed on the podcast. An attacker with access to a frontier AI model scanning code repositories for undiscovered flaws is a real risk.
But the more immediate threat is simpler. Attackers wait for the disclosure, then race to build the exploit before defenders finish validating and deploying the patch.
Disclosure has quietly become reconnaissance, and most patch management programs were never built to survive that.
The post-Mythos patch tsunami
Jason has a creative term for what he sees happening in the near future: a patch tsunami.
Frontier AI models are now surfacing vulnerabilities and prompting security updates at a volume and speed most teams have never faced. The debate around Mythos-class models and Project Glasswing only added fuel to that conversation.
But Jason’s take is that it doesn’t matter how much of the initial hype was marketing. These models keep getting better at finding flaws, and defenders need to prepare for that reality regardless of the pace.
The numbers back him up. Global CVE publications topped 48,000 in 2025, a 20% jump over the year before, according to an analysis of official CVE data by Cisco researcher Jerry Gamblin. His mid-year follow-up shows the curve going vertical: the first half of 2026 alone produced more than 35,000 CVEs, up nearly 50% over the same period last year. That’s one new CVE every 7.4 minutes.
Commercial software vendors are also compressing how long they support older versions, which forces faster upgrade cycles across the enterprise.
Open-source libraries are becoming a growing source of exposure, too. Jason pointed out they often carry far less rigor around packaging and versioning than commercial software. So much custom enterprise software depends on them, sometimes without being touched in years.
Jason argued that the fundamentals of information security haven’t changed. The industry already knows how to defend against every category of attack it faces today.
What’s changing is the volume and speed at which known risks are arriving. That shift is exposing teams that never built the discipline to keep pace, even before AI entered the picture.
How far a breach can spread is the metric that matters
If patching speed alone can’t outrun a negative time to exploit, security leaders need a different metric. The real question is how much of the network an attacker can reach once they get in.
Jason offered a concrete example from his consulting work. Picture a finance application running on a flat enterprise network, where any of 5,000 employees and devices can reach it directly. Now picture that same application restricted to the roughly 200 people who actually work in finance.
The vulnerability still needs patching either way. But the population that could exploit it before the patch lands has just shrunk by more than 95%.
That’s the case for treating segmentation as a foundational control. It doesn’t eliminate the need to patch or require a perfect, granular policy on day one. Coarse-grained segmentation, applied around your highest-value systems, still delivers benefits.
With the right segmentation in place, a vulnerability that could’ve become a major catastrophe instead turns into a small incident your team can handle in an afternoon.
The guidance itself has been consistent for years. What has changed is the cost of ignoring it, given how quickly a fresh disclosure can now turn into a working exploit.
Three moves worth making before your next disclosure cycle
A few concrete steps came out of my conversation with Jason. I’d encourage every security leader to weigh these against their current roadmap.
Build a real inventory of what’s running and who should reach it
Jason was emphatic about this. Segmentation technology delivers value only when it’s fed accurate, machine-readable data about your workloads and the identities that need access to them. Skipping this step is the fastest way to end up with a policy that looks good on paper and breaks in production.
Segment your highest-value systems now, even coarsely
Waiting for a perfect, fully mapped policy before acting is the analysis paralysis Jason warned against directly. A rough first pass around your critical assets beats a beautifully documented plan that never ships.
Put a refresh timer on your legacy systems
Jason recommends requiring all new systems to follow modern governance from day one. Every existing system should get a mandatory rebuild or review cycle, say once every 12 to 18 months. Spreading that work across the calendar keeps it from becoming a pile no team ever gets around to.
The time to act is before the next disclosure, not after
In June, the Cybersecurity and Infrastructure Security Agency (CISA) made this shift official policy. Binding Operational Directive 26-04 now requires federal agencies to remediate the most dangerous vulnerabilities (publicly exposed, actively exploited, and automatable) within three days, down from the previous two-week standard. CISA named AI directly as the reason, noting that it’s vastly increasing the pace of vulnerability discovery for attackers and defenders alike.
The directive only binds federal agencies, but CISA encourages the private sector to adopt the same approach. The industry’s baseline expectation for response time has already been rewritten.
The good news is that none of this requires reinventing your security program from scratch. It requires accepting that a breach happening somewhere between disclosure and patch is now the scenario to plan for. And it requires building segmentation around your most important systems, so that when a breach happens, it costs an afternoon instead of a headline.
The teams treating this as urgent now, while there’s still daylight between today’s threat landscape and whatever arrives with the next-model generation, are the ones that will still be telling a good story a year from now. Waiting for a cleaner moment is a bet that the data no longer supports.
Listen to the full episode of The Segment: A Zero Trust Leadership Podcast on Apple Podcasts, Spotifyou notre site web.

.webp)
.webp)
%20(1).webp)

