AI cuts exploit windows to hours; firms shift to preemptive fixes

AI reduces disclosure-to-exploit timelines to hours while median patching takes 43 days, prompting firms to triage, validate exposure and use temporary mitigations.

AI-driven tools have reduced the time between vulnerability disclosure and widespread exploitation to hours. In May 2026, Anthropic and about 50 partners used a preview of Claude Mythos to identify more than 10,000 high- or critical-severity vulnerabilities across widely used software in a single month. Security firms reported that attackers are using the same tools to find, reproduce and weaponize flaws.

The Verizon 2026 Data Breach Investigations Report found the median time to patch a critical vulnerability rose from 32 days to 43 days year over year. Many organizations delay patches because of uptime requirements, stability testing, scheduled change windows, business approvals and compliance checks.

India’s CERT-IN issued guidance that suggests sub-day patching expectations for certain critical flaws. Some vulnerabilities may be targeted before full remediation is possible.

Security practitioners describe a three-part operating model for faster response: preemptive triage, rapid environment-specific validation and temporary mitigations.

Preemptive triage narrows the set of disclosures that require immediate attention. Vulnerabilities that attract attackers typically have broad deployment, external reachability, repeatable exploitation and a clear path to meaningful access. Triage is intended to run in the first hours after a disclosure.

Rapid validation establishes whether a vulnerability is present and exploitable in a specific environment. That work maps internet-facing systems, identifies system owners, checks reachability and tests exploitability under real conditions. The result should be a verified list of exposed assets that require action.

Temporary mitigations reduce exploitability while patches are tested and rolled out. Options for internet-facing systems include access restrictions, disabling vulnerable features, updating web application firewall or API rules, adding intrusion detection signatures, isolating systems, changing configurations and increasing monitoring. Effective controls target the exploit path and known payloads where possible.
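The triage filter and the inventory join behind the "verified list of exposed assets" can be sketched as follows; this is an added example, not code from the article or from any vendor it mentions. The record fields, the rule for picking an interim control, and all ids and hostnames are constructed assumptions, and reachability is read from an inventory flag rather than tested live.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Disclosure:
    vuln_id: str                      # placeholder id, not a real advisory
    product: str
    broad_deployment: bool
    external_reachability: bool
    repeatable_exploitation: bool
    meaningful_access: bool

@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    internet_facing: bool
    owner: Optional[str]              # None when the inventory has no owner
    feature_can_be_disabled: bool     # hypothetical field: feature is optional

def urgent(d: Disclosure) -> bool:
    """Preemptive triage: require all four traits the article lists."""
    return all((d.broad_deployment, d.external_reachability,
                d.repeatable_exploitation, d.meaningful_access))

def action_list(disclosures, inventory):
    """Join urgent disclosures to internet-facing assets; pick an interim control."""
    rows = []
    for d in filter(urgent, disclosures):
        for a in inventory:
            if a.product != d.product or not a.internet_facing:
                continue
            control = ("disable vulnerable feature" if a.feature_can_be_disabled
                       else "restrict access")
            rows.append((d.vuln_id, a.host, a.owner or "UNASSIGNED", control))
    # Unowned assets sort first: nobody acts on them until an owner is found.
    return sorted(rows, key=lambda r: (r[2] != "UNASSIGNED", r[0], r[1]))

# Constructed sample data.
DISCLOSURES = [
    Disclosure("VULN-A", "vpn-gateway", True, True, True, True),
    Disclosure("VULN-B", "pdf-library", True, False, True, False),
    Disclosure("VULN-C", "file-transfer", True, True, True, True),
]
INVENTORY = [
    Asset("vpn1.example.com", "vpn-gateway", True, "netops", False),
    Asset("vpn-lab.example.com", "vpn-gateway", False, "netops", False),
    Asset("sftp.example.com", "file-transfer", True, None, True),
    Asset("docs.example.com", "pdf-library", True, "web", False),
]

if __name__ == "__main__":
    for row in action_list(DISCLOSURES, INVENTORY):
        print(*row, sep="\t")
```

The lab VPN host and the PDF library drop out (not internet-facing, and not urgent, respectively), leaving two assets that need an interim control before the patch lands.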

Security vendors and tool developers emphasize automation to apply temporary controls at the speed attackers use. Some platforms combine threat intelligence with external attack surface discovery and automated mitigation to accelerate detection and response.

Patching remains the definitive fix for software flaws; remediation still requires testing and coordinated change processes. The current gap between attacker timelines and patching timelines has led organizations to add early filtering, fast validation and temporary controls to their security operations.
