AI Accelerates Vulnerability Exploitation: A New Era in Cybersecurity

In 2026, the average time from vulnerability disclosure to exploitation has drastically decreased to around 8 hours, down from 53 days in 2024. This rapid weaponization is attributed to advancements in AI, which can autonomously discover and exploit vulnerabilities. The 2026 Verizon Data Breach Investigations Report indicates that the median fix time for known-exploited vulnerabilities has risen to 43 days, while the percentage of organizations fully patching these vulnerabilities has dropped from 38% to 26%. With over 48,185 CVEs reported in 2025, less than 0.6% have been patched. The emergence of AI models like Anthropic's Mythos has further complicated the landscape, as they can find flaws in even the most secure systems, such as OpenBSD. The focus has shifted from identifying vulnerabilities to assessing what is currently exploitable against existing defenses. Automated penetration testing tools are increasingly being adopted to address this challenge.

Key Points: • The average disclosure-to-exploit timeframe is now approximately 8 hours. • Only 26% of organizations fully patch known-exploited vulnerabilities. • AI models like Mythos can autonomously find and weaponize vulnerabilities.