BAD/GATEWAY

AI HAS TURNED THE VULNERABILITY MARKET AGAINST DEFENDERS

New research shows every major AI model can now find bugs, half can build working exploits, and the timeline from discovery to attack has collapsed from days to hours.

by editor, 5 min read

The numbers tell a stark story. In 2021, the security industry disclosed roughly 21,000 vulnerabilities. In 2025, that figure hit 50,000. The volume is not the problem, though. The problem is that the time between a vulnerability becoming public and a working exploit appearing in the wild has collapsed to hours, attackers now have AI-powered research assistants, and defenders are buried under findings they cannot prioritize fast enough.

That is the current state according to vulnerability intelligence firms including Recorded Future and VulnCheck, whose analysts track exploitation in the wild. Of the 446 vulnerabilities confirmed actively exploited in 2025, nearly 29% were being weaponized on or before the CVE publication date. The window for remediation has not just narrowed; for a significant fraction of vulnerabilities, it has effectively closed before most organizations even know the flaw exists.

WHAT HAS CHANGED

The common framing that AI is vulnerability research obscures a more nuanced reality. AI is not inventing new classes of flaws. It is scaling up existing problems: the patch prioritization headache, the remediation backlog, the challenge of figuring out which of thousands of reported CVEs actually matter in any given environment.

according to analysis from Recorded Future's Insikt Group. The fundamentals still involve figuring out what is reachable, what is high-impact, and what is worth fixing first. What has changed is that AI now generates enough findings to make that triage process actively unsustainable without automated help.

The acceleration is real. Attackers are using AI to and the median time-to-exploit may now be measured in hours rather than days. Automated exploit development will likely shorten the path from discovery to proof of concept further. The defenders' traditional advantage, that they could patch before most attackers could build a working exploit, is gone for any vulnerability that looks attractive enough to spend time on.

But AI is not a magic exploit machine. The technology is A skilled attacker with AI is dramatically more dangerous. A novice with AI gets partial results that still require significant expertise to turn into something usable.

THE JUMP IN CAPABILITIES

Forescout's Vedere Labs tested 50 AI models spanning commercial, open-source, and reportedly underground options. The results are stark. A year ago, 55% of tested models failed basic vulnerability research tasks and 93% failed at exploit development. In 2026 testing, every model completed vulnerability research tasks and half generated working exploits autonomously.

said Rik Ferguson, VP of Security Intelligence at Forescout.

The most capable models in testing were Claude Opus 4.6 and Kimi K2.5. Both can find and exploit vulnerabilities That accessibility matters. It lowers the barrier for anyone with a subscription and a target list.

Forescout's own testing validated this directly. Using single prompts, the RAPTOR agentic framework, and firm extensions, the team discovered four new zero-day vulnerabilities in OpenNDS, a network gateway software package. One of those vulnerabilities existed in code that Vedere Labs had already manually analyzed and had not identified. The AI found something human experts missed.

Non-public frontier models have done even more. Anthropic's Claude Mythos, tested through the company's Project Glasswing initiative, has identified

THE ECONOMIC SHIFT

Commercial models performed best in Forescout's testing but come at a cost. Claude Opus 4.6 runs at $25 per million input tokens and $25 per million output tokens. Claude Mythos pricing reaches $25 per million input and $125 per million output. For individual researchers or small-time attackers, that adds up.

Open-source alternatives like DeepSeek 3.2 change the math significantly. The model For a sophisticated attacker willing to invest in prompt engineering and workflow optimization, the economics now support running vulnerability discovery at scale.

The implication is straightforward: AI will increasingly find vulnerabilities that human researchers would have missed or not had time to look for. That is not speculation. It is already happening.

DEFENDER'S DILEMMA

Microsoft's April 2026 Patch Tuesday was the company's second-largest on record. The company credited one vulnerability to an Anthropic researcher using Claude, a data point that though it demonstrates the technology's capability in practice.

The core tension for defenders is that The CVSS scoring system, the standard severity metric, does not account for whether a flaw is actually reachable in a given network or whether it aligns with any active attack path. It rates theoretical severity, not operational risk.

Every forgotten server, every legacy application, every internal tool that never got updated is a potential entry point that AI will find and attackers will target.

WHAT DOES ONE DO

The strategic shift is away from the idea that you can patch everything and toward assuming your environment contains unknown vulnerabilities that AI will find. That means:

Isolation matters more than ever. Network segmentation, application sandboxing, and strict least-privilege access controls do not prevent vulnerabilities, but they limit the blast radius when AI finds one. Assume lateral movement will succeed and build walls that make it expensive.

Prioritization is the only sustainable approach. With 50,000 vulnerabilities disclosed annually and AI generating additional findings, the task is no longer to fix everything. The task is to fix the things that matter: reachable, high-impact, and actively targeted. Investment in vulnerability intelligence that maps CVEs to your actual attack surface is not optional.

Automation is not optional. The velocity of both vulnerability discovery and exploit development has outpaced human triage capacity. Defenders need AI-powered prioritization and remediation workflows just to stay in the game.

Legacy systems are a liability you cannot afford. The advice to unsupported systems is a recognition that many organizations cannot patch their way out of technical debt. If you cannot remove an aging system, you must treat it as permanently compromised and architect around it.
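As an added illustration (not code from the article or from any of the firms it cites), the ranker below re-weights CVSS by the three factors the article says CVSS ignores: confirmed in-the-wild exploitation, a remediation window that closed on or before publication, and reachability on an actual attack path. The CVE identifiers, dates, criticality ratings and weights are constructed placeholders, not real data.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional


@dataclass
class Finding:
    cve: str                         # identifier (constructed placeholders below)
    cvss: float                      # theoretical severity, 0.0 to 10.0
    published: date                  # CVE publication date
    exploited_since: Optional[date]  # first confirmed in-the-wild exploitation, or None
    reachable: bool                  # sits on a path an external attacker can actually take
    criticality: int                 # 1 (low) .. 3 (crown-jewel asset), analyst-assigned


def zero_window(f: Finding) -> bool:
    """True when exploitation began on or before the CVE publication date."""
    return f.exploited_since is not None and f.exploited_since <= f.published


def triage_score(f: Finding) -> float:
    """Operational risk: CVSS severity re-weighted by exploitation and reachability.
    The multipliers are assumed values chosen for illustration."""
    score = (f.cvss / 10.0) * f.criticality
    if f.exploited_since is not None:
        score *= 3.0            # confirmed exploitation outweighs theoretical severity
        if zero_window(f):
            score *= 1.5        # no remediation window ever existed
    score *= 2.0 if f.reachable else 0.25  # unreachable flaws queue behind reachable ones
    return round(score, 2)


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Highest operational risk first; this is the order the patch queue should follow."""
    return sorted(findings, key=triage_score, reverse=True)


# Constructed sample inventory; identifiers and dates are placeholders, not real CVEs.
SAMPLE = [
    Finding("CVE-0000-0001", 9.8, date(2025, 3, 1), None, False, 2),              # critical on paper, unreachable, not exploited
    Finding("CVE-0000-0002", 6.5, date(2025, 3, 5), date(2025, 3, 4), True, 3),   # medium, exploited before publication, reachable
    Finding("CVE-0000-0003", 7.2, date(2025, 4, 10), date(2025, 4, 20), True, 1), # high, exploited after publication, reachable
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{f.cve} cvss={f.cvss} score={triage_score(f)} zero_window={zero_window(f)}")
```

Run as-is, the medium-severity but actively exploited and reachable finding ranks first and the 9.8 unreachable one last, which is the inversion of a CVSS-only queue that the article argues for.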

The vulnerability market has shifted. Attackers now have AI assistants that work faster, cost less, and never sleep. The defenders who adapt fastest will be the ones who stop trying to find everything first and start assuming that AI will find what they missed.
