Cybersecurity's Bottleneck: Not Finding Flaws, Patching them Fast Enough

The work that survives the attack is the work nobody puts on a banner.


In April, an AI model wrote 181 working exploits against a single browser engine. The model before it had managed two. 

Pointed at code it had never seen, it surfaced a flaw that had hidden inside OpenBSD for 27 years, and across its scans it turned up more than 10,000 high and critical vulnerabilities. Nobody trained it to do this. The capability fell out of the model getting better at reasoning.

That last part should hold your attention longer than the exploit count. The headline is the number. The line that matters sits deeper, stated plainly in the work: finding a flaw just became effectively free, and the bottleneck in cyber defense has already moved from finding flaws to patching them fast enough.

I’ve spent more than 20 years securing enterprises, a stretch of it on a manufacturing floor running both the IT and the OT side, and later a decade as a security architect at a large networking vendor. A CCIE, a few patents in this field. 

For most of my career, the difficulty of finding a flaw in deployed gear was a kind of accidental armor. It took a skilled researcher, real time, real budget. That cost protected the unprotectable by default: the controller behind a dead support contract, the device certified so tightly a patch voids the certification. It was never deliberate protection. It was just expensive to break.

The Expense is Collapsing, but the Cost is Still High

You still can’t patch a controller whose vendor folded in 2014. You can’t recompile firmware nobody is allowed to touch, or take a pressure-booster station offline in a heat wave to try. 

Mandiant now clocks the average time-to-exploit at roughly negative seven days: the working exploit tends to arrive before the patch does. CrowdStrike’s CTO put it in a sentence: What once took months now happens in minutes. Defenders fully remediated about 26 percent of the known-exploited list last year, and that was the world before finding got cheap.

There’s a genuinely good side. Anthropic turned the same capability around through Project Glasswing: scan your code, write the patches, run the pre-release checks. It started with 11 firms and expanded on June 2 to roughly 150 organizations across more than 15 countries. Real help, and I’m glad it exists.

It Doesn’t Reach the Deployed Gear

It fixes code you own and can rebuild. For the operator who can’t patch, it hands back a longer list of doors already unlocked. That deployed layer is most of critical infrastructure, and it sits outside the help by design.

So look at what stopped the attacker. The most capable offensive model anyone has fielded ran thousands of scans against hardened Linux kernels and was held off cold. It lost for a reason worth memorizing. 

Defense in depth assumes the attacker gets in. You build it so the door someone forces opens onto a hallway, and the hallway onto another locked door, until one more room costs more than the prize. It doesn’t care how fast you find the first door. It makes the next one expensive.

That isn’t a slogan, and it isn’t a vendor’s wish list. It’s what IEC 62443 and the NIST frameworks have mandated for years, with the CIS Controls and CISA’s performance goals saying the same in plainer words. The list is unglamorous, and it hasn’t changed.

  • Know what you have. An honest asset inventory, because you can’t defend the device you can’t see.
  • Put multi-factor authentication on every remote and privileged path. MFA alone blocks the majority of account takeovers, and it’s still skipped most often.
  • Kill default and shared credentials. A Pennsylvania water authority lost a booster station in 2023 to a controller still set to 1111.
  • Patch what you can, the known-exploited list first, and wrap named compensating controls around the gear that can’t be patched.
  • Segment the network so a foothold on one machine never becomes the run of the plant. More than seventy percent of breaches move sideways once they land.
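One way to turn the inventory, patch-what-you-can and compensating-control items above into a repeatable check. This is an added example, not code from the article; the inventory, the KEV-style list and the CVE ids are constructed placeholders, and a real run would read the organisation's own inventory and the published known-exploited feed.

```python
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    cves: list[str]
    patchable: bool
    remote_reachable: bool
    compensating_controls: list[str] = field(default_factory=list)

# Constructed KEV-style list; the CVE ids are placeholders, not real entries.
KNOWN_EXPLOITED = {"CVE-0000-0001", "CVE-0000-0002"}

# Constructed inventory, standing in for the asset list the article asks for.
INVENTORY = [
    Asset("booster-plc-1", ["CVE-0000-0001"], patchable=False, remote_reachable=True),
    Asset("hmi-2", ["CVE-0000-0002", "CVE-0000-0003"], patchable=True, remote_reachable=False),
    Asset("historian", ["CVE-0000-0001"], patchable=False, remote_reachable=True,
          compensating_controls=["mfa-on-remote-path", "segmented-vlan"]),
    Asset("eng-ws-7", ["CVE-0000-0003"], patchable=True, remote_reachable=False),
]

def triage(inventory, kev):
    """Split the inventory into the queues the list above implies:
    patch_now (known-exploited and patchable), needs_controls (known-exploited,
    cannot patch, no named compensating control), covered (cannot patch but a
    control is recorded) and backlog (only non-KEV findings)."""
    queues = {"patch_now": [], "needs_controls": [], "covered": [], "backlog": []}
    for asset in inventory:
        hits = sorted(set(asset.cves) & kev)
        if not hits:
            if asset.cves:
                queues["backlog"].append(asset.name)
            continue
        if asset.patchable:
            queues["patch_now"].append((asset.name, hits))
        elif asset.compensating_controls:
            queues["covered"].append((asset.name, hits, list(asset.compensating_controls)))
        else:
            # Unpatchable, known-exploited, and nothing named in front of it:
            # this is the door already unlocked, and the finding to escalate.
            queues["needs_controls"].append((asset.name, hits))
    # Remote-reachable gear sorts first within each queue.
    reach = {a.name: a.remote_reachable for a in inventory}
    for queue in queues.values():
        queue.sort(key=lambda e: not reach[e[0] if isinstance(e, tuple) else e])
    return queues
```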

Segmentation is one line on that list, not the headline. None of it demos well. None of it wins the budget meeting, which pulls you toward the AI pilot in the report. Fund the foundational controls anyway. They held against the best offensive model on the planet for the same reason they hold against a teenager and a default password.

Capability is roughly doubling every few months. The morning a flaw in your deployed gear gets found is coming, and you won’t pick it. The work that survives that morning is the work nobody puts on a banner.
