AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.


For thirty years, vulnerability management ran on a buffer: the months between the moment a vulnerability was found and the moment someone figured out how to weaponize it. The process was straightforward enough: triage by severity, schedule the fix, validate, and move on. The buffer was what made that work.

Today, that buffer is gone.

AI didn’t make your team slower. It changed the other side of the equation, compressing discovery-to-exploit from months to hours. And the sad truth for defenders is that a process built for breathing room can’t survive without it.

AI Turned Vulnerability Discovery Into a Volume Game

In its May 2026 update, Anthropic reported that it and approximately 50 partners used Claude Mythos Preview to find more than 10,000 high- or critical-severity vulnerabilities in systemically important software in a single month.

Earlier figures were just as stark.

Pointed at Firefox, the gated Mythos model wrote 181 working exploits, against just 2 from the previous frontier model. It surfaced vulnerabilities across every major OS and browser, including an OpenBSD bug that had sat undetected for 27 years.

At the time of writing, more than 99% of what it found was still unpatched.

Figure 1. February 2026, FortiGate Campaign

An AWS threat-intelligence report from February 2026 shows the flip side: no zero-days needed, just weak credentials, industrialized through a custom MCP server running offensive tools autonomously. AWS confirmed 600+ devices across 55+ countries; the actor’s logs, according to independent researchers, queued 2,516 devices across 106 countries.

Either way, the rules have clearly changed. What once took rare expertise now runs at machine speed and scale.

The Vulnerability Weaponization Window Has Collapsed, Too

Defenders used to have months between a CVE going public and its first confirmed exploitation in the wild, the window known as time-to-exploit (TTE).

That window has slammed shut.

Zero Day Clock puts the 2026 average at roughly 24 hours, down from ~53 days in 2024.

Figure 2. Mean time-to-exploit (TTE) by Zero Day Clock

The breach data agrees, too.

Verizon’s 2026 DBIR ties 32% of initial-access techniques to exploitation of vulnerabilities and expects that number to climb, because AI coding assistants now put exploit-building, porting a tool to a new language, and discovering fresh flaws all within reach for attackers who’ve never had them before.

Figure 3. Generative AI-assisted techniques categorized as initial access methods by Verizon’s 2026 DBIR

Telling Teams to Patch Faster Is Like Telling a Freighter to Brake on a Dime

The industry’s reflex answer is to patch faster. Regulators are codifying it: many regulations now point toward same-day fixes for certain critical vulnerabilities. Boards expect it. Executives demand it.

But remediation isn’t a switch. A patch has to clear regression testing, wait for a change window and the required approvals, and respect existing uptime and compliance commitments. Taking production down to outrun an exploit is just a different kind of outage.

And the data shows everything’s moving the wrong way.

The Verizon 2026 DBIR tracked 13,000+ organizations:

  • Median fix time for known-exploited vulnerabilities: 43 days, up from 32 the year before
  • Share of known-exploited vulnerabilities fully patched: down from 38% to 26%

When offense runs in hours and remediation runs in weeks, the breach almost always happens in between.

Again, per Verizon’s DBIR, even the best-performing organizations close only 30-40% of known-exploited vulnerabilities in the first week after detection, a rate that has barely moved despite years of steady investment.

So ordering teams to patch faster doesn’t change the physics; it is like ordering a freighter to brake on a dime.

The Bottleneck Moved. So Must the Strategy.

For two decades, vulnerability management ran on a tidy set of assumptions:

  • Find the flaws,
  • Score them by severity,
  • Patch the worst first.

When a few dozen criticals landed per quarter, CVSS triage worked. Unfortunately, it doesn’t stand a chance against hundreds or thousands of disclosures a day.

Dipping back to Verizon’s DBIR one more time, the median organization had to patch 16 known-exploited vulnerabilities in 2025, up from 11 the year before, a jump of nearly 50%.

That was before AI-discovered flaws began flooding the catalog.

Severity scores, meanwhile, don’t tell you whether a flaw is reachable in your environment, whether your controls will already block it, or whether it chains to anything that matters. A severity list where everything is a “9” or “10” essentially prioritizes nothing.

So the useful question stops being “what’s vulnerable?” and becomes “what’s actually exploitable against us right now, and would our defenses catch it if someone tried?”

This is exactly the question Breach and Attack Simulation (BAS) was built to answer.

Why BAS Becomes the Cornerstone Against AI-Powered Attacks

BAS takes real-world adversary techniques, the TTPs behind the campaign in the latest headline, and safely runs them against your live prevention and detection stack. Not a scan. Not a theoretical mapping. An actual exercise that shows what your tools will actually block, what they’ll detect, and what will slip through.

In a world drowning in disclosures, that does three things that vulnerability management alone can’t. BAS:

  • Separates the theoretical from the real. A flaw your WAF, IPS, and EDR already neutralize is a very different problem from one that waltzes straight in. BAS shows which is which, so teams stop treating every CVE as a five-alarm fire.
  • Validates the controls you’ve already paid for. Most enterprises run anywhere from ten to seventy security tools with countless overlapping policies; BAS measures whether they fire as configured and surfaces the residual risks hiding in the gaps.
  • Buys time to patch safely. When you can prove a critical asset is already covered by hardened controls, the patch can move through normal change control instead of an emergency rollout. When it isn’t covered, you know to mitigate first.
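To make the prioritization argument above concrete (severity alone ranks nothing when everything is a “9” or “10”; validated control outcomes do), here is an added illustration that is not code from Picus or from the original article. It ranks findings by reachability and simulated-control outcome first and uses CVSS only as a tie-breaker; the CVE ids, scores and results are constructed placeholders.

```python
from dataclasses import dataclass
from enum import Enum

class Outcome(Enum):
    PREVENTED = "prevented"   # a control blocked the simulated technique
    DETECTED = "detected"     # not blocked, but an alert fired
    MISSED = "missed"         # neither blocked nor alerted
    UNTESTED = "untested"     # no simulation has covered this flaw yet

@dataclass(frozen=True)
class Finding:
    cve: str
    cvss: float
    reachable: bool           # vulnerable service sits on a path an attacker can use
    bas_result: Outcome

# Lower rank is handled first; "prevented" flaws still get patched, but through
# normal change control instead of an emergency rollout.
BUCKET_RANK = {
    "mitigate-now": 0,        # reachable, nothing blocks or alerts
    "validate-first": 1,      # reachable, never simulated: exposure unknown
    "patch-soon": 2,          # reachable, alert fires but nothing blocks
    "normal-change": 3,       # reachable, a control already blocks it
    "defer": 4,               # not reachable from any tested path
}

def triage_bucket(f: Finding) -> str:
    if not f.reachable:
        return "defer"
    return {Outcome.MISSED: "mitigate-now", Outcome.UNTESTED: "validate-first",
            Outcome.DETECTED: "patch-soon", Outcome.PREVENTED: "normal-change"}[f.bas_result]

def prioritize(findings: list[Finding]) -> list[tuple[str, str]]:
    """Order findings by validated exposure bucket, then by CVSS as a tie-breaker."""
    ranked = sorted(findings, key=lambda f: (BUCKET_RANK[triage_bucket(f)], -f.cvss))
    return [(f.cve, triage_bucket(f)) for f in ranked]

# Constructed sample with placeholder CVE ids: every flaw is a 9.x, so a
# severity list alone puts them in no useful order.
SAMPLE = [
    Finding("CVE-0000-0001", 9.8, True, Outcome.PREVENTED),
    Finding("CVE-0000-0002", 9.8, True, Outcome.MISSED),
    Finding("CVE-0000-0003", 9.9, False, Outcome.MISSED),
    Finding("CVE-0000-0004", 9.1, True, Outcome.DETECTED),
    Finding("CVE-0000-0005", 9.4, True, Outcome.UNTESTED),
]
```

Run on the sample, the highest CVSS entry lands last because nothing tested can reach it, while the 9.8 that the controls missed comes first.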

That payoff is starting to show up in budgets: field reports increasingly point to CISOs reserving dedicated spend for BAS that wasn’t a separate line item a year ago.

This is the shift Gartner now labels Adversarial Exposure Validation: blending security effectiveness (“Are my controls working?”) with business context (“Which assets matter most, and what’s truly reachable?”) to prioritize by your organization’s reality instead of by hypothetical raw scores.

Paired with autonomous penetration testing, which proves whether an attacker can chain exposures from their initial foothold to your organization’s crown jewels, BAS completes the picture.

One side asks, “Wait, can they breach us?” The other asks, “But would we catch it?”

Running together, BAS and autonomous pentesting replace guesswork with evidence.

BAS Has to Run Autonomously at Machine Speed Too

There’s a catch.

If adversaries are operating autonomously, a validation cycle that takes a human a week to complete is obsolete on arrival. Machine-speed attacks demand machine-speed defenses, and the only thing fast enough to counter autonomous offense is autonomous defense.

The honest objection to pointing raw generative AI at this is safety. As Picus CTO Volkan Erturk has warned, a model told to invent an exploit might hand back a live malware sample, or hallucinate techniques a group never uses. You don’t want unvetted binaries detonating in production, or defenses built against attacks that don’t, or can’t, exist.


Picus’ fix is to put the model in charge of coordination, not creation.

Rather than asking AI to write payloads, Picus’ agentic BAS matches a fresh threat report against a curated, pre-vetted library of safe, ready-made test building blocks. A security team names a threat, and a multi-agent system takes it from there: one agent identifies the threat and builds a research plan, others gather and validate the intelligence from multiple sources, and a builder agent maps the adversarial TTPs into attack chains ready for simulation.

The output is an accurate, ready-to-run simulation, assembled in minutes.

This collapses the loop. A CISA alert or a forwarded headline becomes a scoped test, a posture score, prioritized mitigations, and an executive report, often in minutes, with humans reviewing exceptions rather than driving, and slowing down, every step.

This Is What the Picus Platform Is Built For

Patching is still essential, but where AI discovers flaws by the thousands and weaponizes them in hours, patching alone can’t be your whole strategy. If the offense is autonomous, the defense has to operate at least at the same speed, and that’s exactly what Picus was built to do.

What scales with the threat is validation: confirming what your controls will actually stop, proving what’s exploitable, and spending remediation time and talent only where it will change the outcome. AI-powered, agentic BAS is one of the core pillars of the Picus Platform, continuously testing whether your defenses block and detect what matters without waiting on a human to kick off the process or advance to the next cycle. And when a gap is uncovered, the platform points to the vendor-specific mitigation needed rather than adding another ticket to the pile, then re-validates to confirm that the gap has actually been closed.

The need to say, on the spot, whether a fresh headline puts the business at risk isn’t going away anytime soon. The Picus Platform gives security teams that answer before anyone asks.

Find out if the next headline puts you at risk, before it drops. Request a demo.

Note: This article was written by Sıla Özeren Hacıoğlu, Security Research Engineer at Picus Security.
