AI now finds software vulnerabilities faster than they get patched
Recent developments in AI have led to a significant shift in software security dynamics. AI can now identify vulnerabilities faster than they can be patched, creating a dangerous gap in the security model. This change highlights the need for new operational strategies to manage the increasing speed of vulnerability discovery.
- AI agents have found over 10,000 high- or critical-severity vulnerabilities in important software.
- Only 75 out of 530 high-severity bugs disclosed by Anthropic have been patched.
- The traditional software security model is now overwhelmed by the speed of AI-driven discovery.
Opening excerpt (first ~120 words)
For thirty years, software security has been gated by a single scarce resource: skilled humans who can find vulnerabilities. Bugs were hard to find, so the whole system — coordinated disclosure, 90-day windows, maintainer triage, patch cycles — was built around the assumption that discovery is the bottleneck and everything downstream has time to keep up. That assumption broke this week. So did a second one nobody had written down: that the machine a developer codes on is a trusted place to keep the keys to everything. The week’s headlines were about Google’s agent stack and a $1.25-billion-a-month compute bill. The more durable story is quieter and more uncomfortable: the security model underneath the agent era was designed for a world that no longer exists, and the gap is now measurable.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at Thenewguard.