Can defenders patch before AI attackers strike?

AI-assisted exploit work can narrow the window between disclosure, weaponisation, and patching, changing how cyber risk escalates.

Introduction

The central question in the zero-day exploit race is simple: can defenders patch vulnerabilities before attackers turn them into working attacks? AI is beginning to change the answer. For decades, cyber defence relied heavily on time. Once a vulnerability was disclosed, organisations had a window (sometimes weeks, sometimes months) to understand the flaw, create patches, test systems and deploy updates. AI-assisted vulnerability research and exploit development threaten to compress that window dramatically. Recent assessments from the UK’s National Cyber Security Centre (NCSC) argue that the gap between disclosure and exploitation, already measured in days for many important vulnerabilities, is likely to shrink further as AI systems become more capable. [National Cyber Security Centre]

Within the broader AI doom debate, this matters because cyber defence is one of the foundations of modern society. If advanced AI systems enable attackers to discover, weaponise and deploy exploits at machine speed, defenders may increasingly struggle to keep critical infrastructure, governments and major companies secure. Whether that dynamic could contribute to larger loss-of-control scenarios remains highly contested, but the mechanism itself, the shortening of the exploit race, is one of the more concrete pathways through which AI could amplify cyber risk. [National Cyber Security Centre]

Why exploit timelines are shrinking

A zero-day vulnerability is a software flaw that defenders do not yet know about or have not yet patched. Historically, finding such flaws and turning them into reliable exploits required highly specialised expertise. The bottleneck was human labour.

AI changes that bottleneck in several ways at once.

First, modern models can analyse large codebases far faster than individual researchers. Rather than manually reviewing thousands of files, an AI system can examine extensive software projects, identify suspicious logic and suggest likely attack paths. The NCSC has warned that AI-enabled tools are likely to enhance vulnerability research and exploitation, increasing the speed with which attackers can act after vulnerabilities become known. [National Cyber Security Centre]

Second, AI can help bridge the difficult gap between discovering a flaw and producing a working exploit. That step often requires understanding how software behaves in practice, adapting to security defences and iteratively refining attack techniques. Recent research benchmarks such as ExploitGym suggest that frontier AI systems can already produce working exploits for a meaningful subset of real-world vulnerabilities, although their performance remains far from perfect. [arXiv]

Third, AI can operate continuously. Human researchers need sleep, coordination and time to move between tasks. AI systems can search, test and refine candidate exploits around the clock, potentially examining thousands of targets in parallel. This does not guarantee success, but it changes the economics of offensive cyber operations by making large-scale experimentation cheaper and faster. [National Cyber Security Centre]

The result is not necessarily a sudden leap from “safe” to “unsafe”. Instead, the concern is a steady compression of timelines. A process that once took months may take weeks; one that took weeks may take days; one that took days may take hours.

What faster weaponisation means for defenders

The most important effect is not merely that attackers become more capable. It is that defenders lose time.

Cybersecurity has long depended on a race between disclosure and exploitation. When a vulnerability becomes public, organisations rush to patch systems before attackers can build and distribute exploit code. The NCSC notes that this race already operates on timescales of days for many vulnerabilities and expects AI to reduce those timelines further. [National Cyber Security Centre]

This creates several pressures:

  • Patch management becomes harder. Large organisations often require testing before deploying updates to critical systems. Faster exploitation leaves less room for cautious rollouts.
  • Long-tail vulnerabilities become more dangerous. AI-assisted attackers may be able to generate exploits for flaws that previously received little attention because exploiting them required too much effort.
  • Critical infrastructure faces greater exposure. Operators of industrial systems, healthcare networks and public services frequently cannot patch instantly. Compressed timelines increase the chance that vulnerabilities are exploited before fixes are deployed.
  • Defensive teams become overwhelmed. Security teams already struggle to prioritise large numbers of vulnerabilities. Faster exploitation reduces their margin for error.
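
A defender can measure where they stand in this race from their own patch records. The sketch below is an added example, not part of the original article: the record layout, the VULN-* identifiers, the dates and the 14-day patch target are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from statistics import median
from typing import Optional


@dataclass
class VulnRecord:
    vuln_id: str                     # constructed placeholder, not a real CVE
    disclosed: date                  # public disclosure
    first_exploited: Optional[date]  # None: no exploitation observed
    patched: Optional[date]          # None: fix not yet deployed


# Constructed sample records for illustration only.
RECORDS = [
    VulnRecord("VULN-A", date(2025, 1, 6), date(2025, 1, 9), date(2025, 1, 20)),
    VulnRecord("VULN-B", date(2025, 2, 3), date(2025, 3, 10), date(2025, 2, 17)),
    VulnRecord("VULN-C", date(2025, 3, 3), None, date(2025, 4, 1)),
    VulnRecord("VULN-D", date(2025, 4, 7), date(2025, 4, 8), None),
    VulnRecord("VULN-E", date(2025, 5, 5), date(2025, 5, 19), date(2025, 5, 19)),
]


def classify(rec, today):
    """Return (outcome, exposed_days) for one record.

    exposed_days counts days the flaw was both exploited in the wild and
    unpatched locally. A same-day patch is not counted as a win, because
    day-granularity data cannot show which event came first.
    """
    if rec.first_exploited is None:
        return ("not_exploited", 0)
    if rec.patched is None:
        return ("still_unpatched", (today - rec.first_exploited).days)
    if rec.patched < rec.first_exploited:
        return ("patched_first", 0)
    return ("exploited_first", (rec.patched - rec.first_exploited).days)


def summarise(records, today, sla_days):
    """Summarise the patch race for a set of records against a patch target."""
    outcomes = {r.vuln_id: classify(r, today) for r in records}
    # Time-to-exploit exists only for exploited flaws. Never-exploited flaws
    # drop out, so this median describes exploited flaws, not all flaws.
    tte = {r.vuln_id: (r.first_exploited - r.disclosed).days
           for r in records if r.first_exploited is not None}
    return {
        "outcomes": outcomes,
        "median_tte_days": median(tte.values()) if tte else None,
        # Flaws where a rollout using the full target would not have won.
        "sla_too_slow": sorted(v for v, d in tte.items() if d <= sla_days),
        "total_exposed_days": sum(days for _, days in outcomes.values()),
    }


if __name__ == "__main__":
    for key, value in summarise(RECORDS, date(2025, 6, 1), 14).items():
        print(key, value)
```

Tracking the "sla_too_slow" list over time shows whether a fixed patch target still beats observed exploitation or needs an expedited path for exposed systems.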

One striking illustration comes from recent industry efforts to quantify the changing landscape. The “Zero-Day Clock” project argues that average exploitation timelines have collapsed over recent years and may continue shrinking as AI-assisted vulnerability research improves. While such projections should be treated cautiously, they capture a widely shared concern: the traditional assumption that defenders have substantial time after disclosure is becoming less reliable. [Tom's Hardware]

A concrete example: AI-assisted zero-day development

The debate moved beyond theory in 2026 when Google Threat Intelligence Group reported what it described as the first observed case of threat actors using AI to discover and weaponise a zero-day vulnerability. According to Google’s analysis, attackers identified a logic flaw that allowed two-factor authentication to be bypassed in a widely used administration tool. Researchers argued that the vulnerability involved contextual reasoning about software behaviour rather than the sort of bug that conventional automated scanners typically find. [blog.google] [SecurityWeek]

The significance of this incident was not that AI independently conducted an entire attack. Rather, it suggested that AI could contribute meaningfully to one of the most difficult stages of cyber operations: discovering and understanding subtle vulnerabilities that require reasoning about developer intent and system logic. [CSO Online]

For AI doom discussions, examples like this attract attention because they hint at a future in which vulnerability discovery and exploit creation become increasingly automated. If highly capable systems can repeatedly find and weaponise flaws faster than defenders can respond, cyber operations could become more scalable and less dependent on scarce human expertise. [blog.google]

Why this matters for existential-risk arguments

Most AI doom arguments do not claim that faster cyberattacks alone would cause human extinction. Instead, the concern is that cyber capabilities could interact with other forms of advanced AI capability.

Several pathways are often discussed:

  • A highly autonomous system seeking resources or strategic advantage might use cyber operations to gain access to infrastructure.
  • States or organisations racing to deploy increasingly capable AI might neglect security in order to move faster.
  • Automated exploit discovery could undermine confidence in critical digital systems during periods of geopolitical instability.
  • AI systems could become force multipliers for small groups, allowing them to conduct cyber operations previously requiring large teams of experts.

These concerns involve substantial speculation. There is currently no evidence that existing AI systems can autonomously conduct the kinds of large-scale cyber campaigns envisioned in stronger AI doom scenarios. However, many researchers view exploit automation as an important enabling capability that could become more significant if AI systems continue to improve in reasoning, planning and autonomy. [National Cyber Security Centre]

Where the evidence remains uncertain

Despite growing concern, several important uncertainties remain.

Current AI systems still struggle with many exploits

Research benchmarks show meaningful progress, but they also reveal limitations. Even strong frontier models fail on many real-world exploitation tasks. Exploit development often requires adapting to unexpected system behaviour, understanding complex environments and overcoming multiple layers of defence. Human experts still outperform AI in many difficult cases. [arXiv]

Defensive AI is improving too

The same technologies that help attackers can help defenders. The NCSC has argued that frontier AI may improve vulnerability discovery, system hardening, security testing and threat detection. If defensive deployment keeps pace with offensive deployment, the overall balance may not shift as dramatically as some fear. [National Cyber Security Centre]

Real-world measurements are difficult

Claims about exploit timelines shrinking from months to days or even minutes are attention-grabbing, but measuring exploitation speed across the entire internet is inherently challenging. Different vulnerability classes, software ecosystems and attacker groups behave differently. Some vulnerabilities are exploited immediately; others are never exploited at all. Projections about future timelines therefore contain considerable uncertainty. [Tom's Hardware]

The jump from cyber risk to existential risk remains debated

Even researchers who worry about AI-enabled cyberattacks disagree about how directly they connect to AI doom. Some view exploit automation as a serious but manageable cybersecurity problem. Others see it as one component of a broader picture in which increasingly capable AI systems erode human control across multiple domains simultaneously. The disagreement is less about whether AI can accelerate cyber operations and more about how far those capabilities could eventually scale. [National Cyber Security Centre]

What warning signs would matter most?

For readers interested in existential-risk arguments, the most important indicators are not isolated cyber incidents but evidence that the exploit race is continuing to compress.

Warning signs would include:

  • AI systems routinely finding previously unknown vulnerabilities before expert human teams.
  • Reliable AI-generated exploits for a large fraction of critical vulnerabilities.
  • Widespread evidence that exploitation occurs almost immediately after disclosure.
  • Large-scale autonomous vulnerability research conducted with minimal human oversight.
  • Security organisations consistently failing to patch systems before AI-assisted attacks appear.

None of these thresholds has clearly been crossed yet. However, recent assessments from government agencies, security researchers and major technology companies suggest that the trend is moving in that direction, making the race between disclosure, patching and exploitation an increasingly important part of the broader discussion about advanced AI risk. [arXiv] [National Cyber Security Centre] [blog.google]

Endnotes

  1. Source: arxiv.org
    Link: https://arxiv.org/abs/2605.11086
    Source snippet

    arXivExploitGym: Can AI Agents Turn Security Vulnerabilities into Real Attacks?May 11, 2026...

    Published: May 11, 2026

  2. Source: arxiv.org
    Link: https://arxiv.org/abs/2503.17332

  3. Source: arxiv.org
    Link: https://arxiv.org/abs/2506.02548

  4. Source: blog.google
    Link: https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/google-threat-intelligence-group-report/
    Source snippet

    Today we're releasing a report that details the latest observations from Google Threat Intelligence...Read more...

  5. Source: securityweek.com
    Link: https://www.securityweek.com/google-detects-first-ai-generated-zero-day-exploit/
    Source snippet

    Google Detects First AI-Generated Zero-Day Exploit6 hours ago — For the first time, Google has identified a zero-day exploit believed to...

  6. Source: cloud.google.com
    Title: ai vulnerability exploitation initial access
    Link: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
    Source snippet

    Leverage AI for Vulnerability Exploitation...3 days ago — Google Threat Intelligence. Visibility and context on the threats that matter...

  7. Source: about.google
    Link: https://about.google/
    Source snippet

    Our products, technology and company...Learn more about Google. Explore our innovative AI products and services, and how we're using tec...

  8. Source: arxiv.org
    Link: https://arxiv.org/html/2605.11086v1
    Source snippet

    ExploitGym: Can AI Agents Turn Security Vulnerabilities...2 days ago — The agent is tasked with transforming the PoV into a working exploit...

  9. Source: arxiv.org
    Link: https://arxiv.org/html/2605.06713v1
    Source snippet

    actors' ability to exploit known vulnerabilities and reduce the time...Read more...

  10. Source: arxiv.org
    Link: https://arxiv.org/pdf/2605.11086
    Source snippet

    ExploitGym: Can AI Agents Turn Security Vulnerabilities...by Z Wang · 2026 · Cited by 1 — In contrast, ExploitGym provides a unified and...

  11. Source: blog.google
    Link: https://blog.google/
    Source snippet

    on the Keyword, Google's official blog...

  12. Source: search.google
    Link: https://search.google/

  13. Source: ncsc.gov.uk
    Title: impact ai cyber threat now 2027
    Link: https://www.ncsc.gov.uk/report/impact-ai-cyber-threat-now-2027
    Source snippet

    National Cyber Security CentreImpact of AI on cyber threat from now to 20277 May 2025 — By 2027, AI-enabled tools will almost certainly e...

    Published: May 2025

  14. Source: ncsc.gov.uk
    Title: ai to 2027 threat assessment
    Link: https://www.ncsc.gov.uk/news/ai-to-2027-threat-assessment
    Source snippet

    National Cyber Security CentreUK critical systems at increased risk from 'digital divide...7 May 2025 — It warns that, by 2027, AI-enabl...

    Published: May 2025

  15. Source: ncsc.gov.uk
    Title: chapter 01 cyber threat to the uk
    Link: https://www.ncsc.gov.uk/collection/ncsc-annual-review-2025/chapter-01-cyber-threat-to-the-uk
    Source snippet

    Chapter 01: Countering the cyber threat14 Oct 2025 — In the last 18 months, security researchers have identified new techniques that expl...

  16. Source: ncsc.gov.uk
    Title: impact of ai on cyber threat
    Link: https://www.ncsc.gov.uk/report/impact-of-ai-on-cyber-threat
    Source snippet

    National Cyber Security CentreThe near-term impact of AI on the cyber threat24 Jan 2024 — This assessment focuses on how AI will impact t...

  17. Source: ncsc.gov.uk
    Title: why cyber defenders need to be ready for frontier ai
    Link: https://www.ncsc.gov.uk/blogs/why-cyber-defenders-need-to-be-ready-for-frontier-ai
    Source snippet

    Reducing the attack surface – or system hardening · 2. Improving threat...Read more...

  18. Source: tomshardware.com
    Link: https://www.tomshardware.com/tech-industry/cyber-security/zero-day-clock-visualizes-and-quantifies-the-effects-of-ai-on-software-security-time-until-exploit-went-from-one-year-to-one-day-and-projected-to-be-one-minute-soon-enough
    Source snippet

    Created by Sergej Epp from Sysdig and supported by major tech firms, ZDC demonstrates how artificial intelligence has reduced the average...

  19. Source: csoonline.com
    Title: google discovers weaponized zero day exploits created with ai
    Link: https://www.csoonline.com/article/4169046/google-discovers-weaponized-zero-day-exploits-created-with-ai.html
    Source snippet

    threats, and managing identity protection. Credit: Summit Art Creations / Shutterstock. The Google Threat Intelligence Group (GTIG) today...

  20. Source: ncsc.gov.uk
    Title: retaining defensive advantage in the age of frontier ai cyber capabilities
    Link: https://www.ncsc.gov.uk/blogs/retaining-defensive-advantage-in-the-age-of-frontier-ai-cyber-capabilities
    Source snippet

    Respond to a cyber attack. Back. Respond to a cyber...Read more...

  21. Source: ncsc.gov.uk
    Link: https://www.ncsc.gov.uk/

  22. Source: Wikipedia
    Link: https://en.wikipedia.org/wiki/Google
    Source snippet

    GoogleGoogle is the largest provider of search engines, mapping and navigation applications, email services, office suites, online vid...
