AI turns patches into working exploits in 30 minutes, and the 90-day disclosure window is the casualty

A recent development in AI has raised alarms in the cybersecurity community, as language models are now capable of identifying security vulnerabilities and converting patches into functioning exploits in as little as 30 minutes. This rapid evolution poses significant challenges to the traditional 90-day disclosure window, a timeframe that has long been standard for reporting and addressing security flaws. The implications of this shift are profound, affecting how companies manage vulnerabilities and respond to threats.

Veteran cybersecurity researcher, who has not been named, argues that the established disclosure process is outdated in light of these advancements. With AI accelerating the exploitation of vulnerabilities, the risk to organizations increases dramatically, as attackers can leverage these tools to exploit weaknesses before companies have a chance to implement fixes. This situation creates a pressing need for a reevaluation of disclosure practices, as the current model may no longer provide adequate protection for users or systems.

For users and organizations, this means a heightened urgency to adopt more proactive security measures and to stay ahead of potential exploits. The market may see a shift towards more agile vulnerability management strategies, as companies scramble to adapt to the new landscape where AI can outpace traditional security protocols. Competitors in the cybersecurity space will need to innovate rapidly to offer solutions that can mitigate these risks effectively.

Looking ahead, the industry will need to monitor how disclosure practices evolve in response to the capabilities of AI, as well as the potential regulatory changes that may arise from these developments.