Breaking News: AI Now Finds Software Flaws Faster Than Humans Can Patch
General-purpose AI models have demonstrated the ability to discover and exploit software vulnerabilities faster than ever—even without being purpose-built for that task. This breakthrough creates a critical window of risk for enterprises, as cybercriminals and nation-state actors accelerate their attack timelines.
"The economics of zero-day exploitation are shifting dramatically," said researchers at Wiz, a cloud security firm, in a recent analysis. "Mass exploitation campaigns, ransomware operations, and activity from actors who previously guarded these capabilities will surge."
Defenders now face two urgent priorities: rapidly hardening existing software and preparing to defend systems that are not yet hardened. Security teams must act now to update playbooks, reduce exposure, and integrate AI into their own defense programs.
Background: How AI Redefines the Adversary Lifecycle
Historically, discovering novel vulnerabilities and developing zero-day exploits required specialized expertise, significant time, and resources. Today, highly capable AI models are lowering that barrier. These models can not only identify flaws but also help generate functional exploits, compressing the traditional attack lifecycle.
The Google Threat Intelligence Group (GTIG) has already observed threat actors leveraging large language models (LLMs) for exploit development. Underground forums are actively marketing AI tools and services designed for this purpose, indicating a new era of commoditized cyberattacks.
Accelerated exploit deployment is not a future threat—it's happening now. In a 2025 report on zero-days, GTIG noted that PRC-nexus espionage operators have become adept at rapidly developing and distributing exploits among separate threat groups. This shrinks the historical gap between vulnerability disclosure and active exploitation.
What This Means for Enterprise Security
Enterprise defenders must acknowledge that threat actors will increasingly use AI to discover and exploit novel vulnerabilities before patches are available. The traditional "patch Tuesday" model is no longer sufficient. Security operations need real-time AI-assisted threat detection and automated response capabilities.
"Now is the time to strengthen playbooks, reduce exposure, and incorporate AI into security programs," said Wiz researchers in their blog post Claude Mythos: Preparing for a World Where AI Finds and Exploits Vulnerabilities Faster Than Ever. This includes modernizing defensive strategies across the entire software development lifecycle.
Organizations should immediately prioritize asset discovery, vulnerability management, and zero-trust architectures. AI-driven security tools can help defenders keep pace, but human oversight remains critical. The window for action is closing rapidly.
For a deeper dive into this topic, Wiz is hosting a webinar on defending your enterprise when AI models can find vulnerabilities faster than ever. Register now to learn how to modernize your security approach.