Vulnerabilities - AI Adversaries Compress Time to Exploit
Basically, AI helps hackers exploit software flaws much faster than before.
AI has changed the game for cybersecurity, drastically reducing the time between vulnerability disclosure and exploitation. Rapid7 reveals this timeframe has dropped to just five days. Organizations must act swiftly to protect against these accelerated threats.
The Flaw
In 2025, the cybersecurity landscape saw a significant shift. AI and automation have empowered threat actors to accelerate their attacks, collapsing the time between vulnerability disclosure and exploitation. According to Rapid7's 2026 Global Threat Landscape Report, the median time from a vulnerability's publication to its inclusion in the CISA's Known Exploited Vulnerabilities (KEV) catalog has plummeted from 8.5 days to just five days. This drastic reduction means that what used to take weeks now happens in mere days, or even minutes.
The report emphasizes that this change isn't due to a transformation in the intent or sophistication of threat actors. Instead, it highlights an acceleration of existing tactics. Threat actors are now leveraging AI to scale their reconnaissance efforts, automate decision-making, and industrialize social engineering, resulting in a compressed timeline for exploitation.
What's at Risk
The report indicates that the volume of vulnerability exploitation has surged dramatically. In 2025, the confirmed exploitation of newly disclosed vulnerabilities rated CVSS 7 to 10 increased by 105% year on year, rising from 71 in 2024 to 146 in 2025. This uptick primarily involves vulnerabilities related to deserialization, authentication bypass, and memory corruption. Notably, these vulnerabilities often appear in critical systems such as file transfer systems, edge appliances, and collaboration platforms.
Vulnerability exploitation accounted for 25% of initial access in incident response incidents last year. The most common attack vector was valid accounts without multi-factor authentication (MFA), which constituted 44% of cases. This highlights the persistent challenge organizations face regarding identity-related threats.
Patch Status
Despite the alarming statistics, Rapid7 asserts that many successful intrusions stem from known, preventable conditions. These include exposed services, weak identity controls, and unpatched edge infrastructure. The report stresses that the speed at which these vulnerabilities are discovered and weaponized has increased, making it imperative for organizations to act swiftly.
CISOs are urged to focus on preventative measures that reduce the attack surface. This involves not only identifying and patching vulnerabilities but also understanding the context of their environment to make informed decisions. Organizations that neglect this proactive approach risk falling behind as attacker velocity continues to increase.
Immediate Actions
To combat the rising threat of AI-enabled adversaries, organizations must adopt a more strategic security posture. Rapid7 recommends a shift towards pre-emptive security measures. This includes reducing the conditions that attackers exploit, enhancing detection capabilities, and prioritizing actions based on material risk rather than alert volume.
Failure to adapt could lead to a widening gap between the speed of attacks and the ability to respond effectively. As the threat landscape evolves, organizations must remain vigilant and proactive to safeguard their systems against rapid exploitation of vulnerabilities.
Infosecurity Magazine