Saturday, 06 June 2026

Code Without Boundaries

Enterprises struggle with slow patching processes

Researchers from the University of Illinois found that GPT-4 could autonomously exploit 87% of a curated 15-vulnerability one-day dataset when given the corresponding CVE (common vulnerabilities and exposures) description.

Claude Mythos Preview closed that gap: it autonomously discovered thousands of zero-day vulnerabilities across major operating systems and browsers and scored 83.1% on the CyberGym vulnerability reproduction benchmark, demonstrating that the reliability problems of AI agents on this task can be overcome.

In one campaign, the total compute cost was less than $20,000.

Exploitation Timelines are Collapsing

Langflow’s CVE-2026-33017 was exploited 20 hours after disclosure, and Marimo’s CVE-2026-39987 within 9 hours and 41 minutes. Those cases show how quickly vulnerabilities are now being exploited; the report states that the median time from CVE publication to listing in the Known Exploited Vulnerabilities (KEV) catalog is five days.

Google’s report found that exploitation is happening before a patch is even released. Organizations that prioritize by severity alone therefore need to reassess their patching processes: a severity score quantifies how bad a vulnerability could be without considering whether it is actually being exploited in the wild.

A New Prioritization Approach

A recent study offers a concrete replacement: a three-layer decision tree that checks known exploited vulnerabilities (KEV) status first, then exploit prediction scores, then severity. In the study this yielded an 18x efficiency gain while still covering 85.6% of exploited vulnerabilities.

This approach is entirely automatable: an organization can write a script that queries the API for every published CVE and runs the result against its asset inventory, which makes it a more effective way to prioritize vulnerabilities than severity alone.

Authorization Boundaries and AI Agents

The Internet Engineering Task Force (IETF) is working on authorization models for agents, proposing the Secure Production Identity Framework for Everyone (SPIFFE) together with OAuth 2.0 so that AI agents obtain dynamically provisioned credentials instead of long-lived static ones.

A survey found that 53% of organizations had already seen AI agents exceed their intended permissions, and 47% had experienced a security incident involving an agent. Security teams therefore need to proactively add agent-level test scenarios for every authorization boundary, rather than assuming a scoped credential is enforced correctly.
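The following is an added example, not code from the article or from the IETF work it mentions. It sketches the boundary the text describes (a workload identity in SPIFFE-style URI form, a short-lived credential with explicit scopes and audience, a policy check per action) and then runs the kind of agent-level test scenarios the survey result calls for: in-scope use, scope escalation, audience confusion, expiry, tampering, and over-broad issuance. The identities, scopes, action table, policy and signing key are all constructed assumptions; the HMAC-signed dict stands in for a real token format.

```python
"""Added example: scoped, short-lived agent credentials with an authorization
check, plus boundary test scenarios. All names and the policy table are
constructed assumptions, not the IETF's or any vendor's real API."""
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed policy: which scopes each workload identity may ever be issued.
ALLOWED_SCOPES = {
    "spiffe://example.org/agent/ticket-triage": {"tickets:read", "tickets:comment"},
    "spiffe://example.org/agent/release-bot": {"repo:read", "ci:trigger"},
}
# Constructed mapping from an action to the single scope that permits it.
ACTION_SCOPE = {
    "read_ticket": "tickets:read",
    "comment_ticket": "tickets:comment",
    "close_ticket": "tickets:close",
    "trigger_ci": "ci:trigger",
    "delete_repo": "repo:admin",
}
# Demo-only key so the example runs offline; a real issuer keeps this in a KMS.
SIGNING_KEY = b"constructed-demo-signing-key"


def _sign(payload):
    body = json.dumps(payload, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()


def issue_token(identity, requested_scopes, audience, ttl_s=300, now=None):
    """Issue a short-lived credential bound to one audience. Scopes the identity
    is not allowed to hold are refused outright rather than silently narrowed,
    so a misconfigured agent fails at issuance, not later in production."""
    now = now or datetime.now(timezone.utc)
    excess = set(requested_scopes) - ALLOWED_SCOPES.get(identity, set())
    if excess:
        raise PermissionError(f"{identity} may not hold {sorted(excess)}")
    payload = {
        "sub": identity,
        "aud": audience,
        "scope": sorted(requested_scopes),
        "exp": (now + timedelta(seconds=ttl_s)).isoformat(),
    }
    return {"payload": payload, "sig": _sign(payload)}


def authorize(token, action, audience, now=None):
    """Return (allowed, reason). Every deny path has a distinct reason so it can
    be asserted in boundary tests and logged for detection."""
    now = now or datetime.now(timezone.utc)
    if not hmac.compare_digest(_sign(token["payload"]), token["sig"]):
        return False, "bad signature"
    p = token["payload"]
    if p["aud"] != audience:
        return False, "wrong audience"
    if datetime.fromisoformat(p["exp"]) <= now:
        return False, "expired"
    needed = ACTION_SCOPE.get(action)
    if needed is None:
        return False, "unknown action"
    if needed not in p["scope"]:
        return False, f"missing scope {needed}"
    return True, "ok"


def boundary_scenarios():
    """Agent-level test scenarios, one per authorization boundary. Returns a
    dict of scenario name -> (allowed, reason) so a test suite can assert each."""
    t0 = datetime(2026, 6, 6, tzinfo=timezone.utc)
    agent = "spiffe://example.org/agent/ticket-triage"
    tok = issue_token(agent, {"tickets:read", "tickets:comment"}, "ticket-api", now=t0)
    results = {
        "in-scope action": authorize(tok, "comment_ticket", "ticket-api", now=t0),
        "scope escalation": authorize(tok, "close_ticket", "ticket-api", now=t0),
        "audience confusion": authorize(tok, "read_ticket", "repo-api", now=t0),
        "expired credential": authorize(tok, "read_ticket", "ticket-api",
                                        now=t0 + timedelta(hours=1)),
    }
    # A token whose scope list was edited after issuance: signature no longer matches.
    forged = {"payload": dict(tok["payload"], scope=["tickets:close"]), "sig": tok["sig"]}
    results["tampered scope"] = authorize(forged, "close_ticket", "ticket-api", now=t0)
    # Issuance itself is a boundary: asking for a scope the identity may not hold.
    try:
        issue_token(agent, {"repo:admin"}, "repo-api", now=t0)
        results["over-broad issuance"] = (True, "issued")
    except PermissionError as exc:
        results["over-broad issuance"] = (False, str(exc))
    return results


if __name__ == "__main__":
    for name, (allowed, reason) in boundary_scenarios().items():
        print(f"{name:22s} allowed={allowed} reason={reason}")
```

Only the first scenario should be allowed; each of the others exercises one boundary and should fail with its own reason. Keeping the reasons distinct is what makes the scenarios useful as regression tests and as detection signals when the same denials show up in production logs.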

Implementing Event-Driven Patching

Organizations should implement event-driven patching: trigger patching when a CVE is published, using vulnerability feeds as the trigger, instead of waiting for the next maintenance window. They should also test authorization boundaries at agent scale.
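An added example, not code from the article or from the study it cites, that ties the two preceding recommendations together: a CVE publication event from a feed is run through the three-layer decision tree (KEV status, then exploit prediction score, then severity) against an asset inventory, and affected hosts get patch jobs with a deadline derived from the tier instead of waiting for a maintenance window. The feed records, inventory, product names, thresholds and deadlines are constructed assumptions; EPSS is assumed as the prediction score and CVSS as the severity score, and the CVE identifiers are placeholders.

```python
"""Added example: event-driven patching driven by a KEV / EPSS / CVSS decision
tree. Feed events, inventory, thresholds and CVE ids are constructed."""
from datetime import datetime, timedelta, timezone

# Constructed asset inventory: product -> list of (host, installed version).
INVENTORY = {
    "exampleco:widgetd": [("web-01", "2.3.1"), ("web-02", "2.4.0")],
    "exampleco:buildsrv": [("ci-01", "9.1.0")],
}

EPSS_THRESHOLD = 0.1          # assumed cut-off for "likely to be exploited"
CVSS_THRESHOLD = 9.0          # assumed cut-off for the severity-only layer
DEADLINE_HOURS = {1: 24, 2: 72, 3: 7 * 24}   # assumed SLA per tier


def tier(kev, epss, cvss):
    """Three-layer decision tree: exploited in the wild first, likely to be
    exploited second, raw severity last. Tier 4 means track, no emergency."""
    if kev:
        return 1
    if epss is not None and epss >= EPSS_THRESHOLD:
        return 2
    if cvss is not None and cvss >= CVSS_THRESHOLD:
        return 3
    return 4


def parse_version(v):
    return tuple(int(x) for x in v.split("."))


def affected_hosts(product, fixed_version):
    """Hosts running a version older than the fixed one."""
    return [h for h, v in INVENTORY.get(product, [])
            if parse_version(v) < parse_version(fixed_version)]


def handle_cve_event(event, now):
    """One feed record in, a list of patch jobs out (empty when nothing to do)."""
    t = tier(event.get("kev", False), event.get("epss"), event.get("cvss"))
    hosts = affected_hosts(event["product"], event["fixed_version"])
    if t == 4 or not hosts:
        return []
    due = now + timedelta(hours=DEADLINE_HOURS[t])
    return [{"cve": event["cve"], "host": h, "tier": t,
             "target": event["fixed_version"], "due": due.isoformat()} for h in hosts]


def process_feed(events, now, seen=None):
    """Process a batch of feed events; `seen` dedupes across repeated pulls so a
    re-delivered record does not open a second job."""
    seen = set() if seen is None else seen
    jobs = []
    for ev in events:
        if ev["cve"] in seen:
            continue
        seen.add(ev["cve"])
        jobs.extend(handle_cve_event(ev, now))
    return jobs


# Constructed feed records with placeholder CVE ids (not real CVEs).
FEED = [
    {"cve": "CVE-0000-00001", "product": "exampleco:widgetd", "fixed_version": "2.4.0",
     "kev": True, "epss": 0.02, "cvss": 6.5},      # in KEV despite medium severity
    {"cve": "CVE-0000-00002", "product": "exampleco:buildsrv", "fixed_version": "9.2.0",
     "kev": False, "epss": 0.35, "cvss": 7.8},     # not in KEV, but likely to be exploited
    {"cve": "CVE-0000-00003", "product": "exampleco:widgetd", "fixed_version": "3.0.0",
     "kev": False, "epss": 0.01, "cvss": 5.3},     # below every line: track only
    {"cve": "CVE-0000-00001", "product": "exampleco:widgetd", "fixed_version": "2.4.0",
     "kev": True, "epss": 0.02, "cvss": 6.5},      # duplicate delivery
]


def demo_jobs():
    """Run the constructed feed at a fixed time so the result is reproducible."""
    return process_feed(FEED, datetime(2026, 6, 6, tzinfo=timezone.utc))


if __name__ == "__main__":
    for job in demo_jobs():
        print(job)
```

Two jobs come out: the KEV-listed medium-severity bug on web-01 (tier 1, due in 24 hours) and the high-EPSS bug on ci-01 (tier 2, due in 72 hours); the CVSS 5.3 record and the duplicate produce nothing. Note that a severity-only policy would have ranked the tier 1 item last.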

They should also update to Docker Engine 29.3.1, which fixes a vulnerability.

Credential Blast Radius Mapping

Reducing the credential blast radius starts with documenting each credential on each AI builder host, classifying it by lifespan, and identifying what it can access. Alerting on anomalous use of those credentials then helps detect a security incident before it spreads.
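An added example, not code from the article, of the mapping just described: a per-host credential inventory is classified by lifespan, the blast radius of each host is computed as the union of what its credentials can reach (with static credentials and write grants called out, since those are what a compromise would have to rotate and could damage), and constructed access log lines are checked for the anomalies the text suggests alerting on. Hosts, credential ids, grant names and the log format are all constructed assumptions.

```python
"""Added example: credential blast radius mapping for AI builder hosts and a
simple anomalous-access check. Inventory and log lines are constructed."""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed inventory: one record per credential found on an AI builder host.
# expires=None marks a static credential with no built-in lifespan.
CREDENTIALS = [
    {"id": "cred-001", "host": "ai-builder-01", "kind": "api_key", "expires": None,
     "grants": {"db:customers:read", "db:customers:write", "s3:models:write"}},
    {"id": "cred-002", "host": "ai-builder-01", "kind": "oauth_token",
     "expires": "2026-06-06T01:00:00+00:00", "grants": {"s3:models:read"}},
    {"id": "cred-003", "host": "ai-builder-02", "kind": "ssh_key", "expires": None,
     "grants": {"host:prod-gpu-01:shell"}},
]


def classify_lifespan(cred, now):
    """static (never expires), short-lived (<= 24h left) or long-lived."""
    if cred["expires"] is None:
        return "static"
    remaining = datetime.fromisoformat(cred["expires"]) - now
    return "short-lived" if remaining.total_seconds() <= 24 * 3600 else "long-lived"


def blast_radius(creds, now):
    """Per host: every resource reachable from it, the static credentials that
    would need rotation after a compromise, and the write grants among them."""
    by_host = defaultdict(list)
    for c in creds:
        by_host[c["host"]].append(c)
    report = {}
    for host, cs in by_host.items():
        reach = set().union(*(c["grants"] for c in cs))
        report[host] = {
            "resources": sorted(reach),
            "static_credentials": sorted(c["id"] for c in cs
                                         if classify_lifespan(c, now) == "static"),
            "write_grants": sorted(r for r in reach if r.endswith(":write")),
        }
    return report


# Constructed access log: <timestamp> <credential id> <resource> <source host>
ACCESS_LOG = """\
2026-06-06T00:10:00+00:00 cred-001 db:customers:read ai-builder-01
2026-06-06T00:12:00+00:00 cred-001 db:customers:write ai-builder-01
2026-06-06T00:15:00+00:00 cred-001 db:customers:read laptop-77
2026-06-06T00:20:00+00:00 cred-002 s3:models:write ai-builder-01
2026-06-06T02:00:00+00:00 cred-002 s3:models:read ai-builder-01
"""


def anomalous_access(log, creds):
    """Flag a credential used from a host other than the one it belongs to,
    access to a resource outside its grants, use after expiry, or an unknown id."""
    by_id = {c["id"]: c for c in creds}
    alerts = []
    for line in log.splitlines():
        ts, cid, resource, src = line.split()
        c = by_id.get(cid)
        if c is None:
            alerts.append((cid, "unknown credential"))
            continue
        if src != c["host"]:
            alerts.append((cid, f"used from unexpected host {src}"))
        if resource not in c["grants"]:
            alerts.append((cid, f"access outside grants: {resource}"))
        if c["expires"] and datetime.fromisoformat(ts) > datetime.fromisoformat(c["expires"]):
            alerts.append((cid, "used after expiry"))
    return alerts


def demo():
    """Run the mapping and the log check at a fixed time for reproducibility."""
    now = datetime(2026, 6, 6, tzinfo=timezone.utc)
    return blast_radius(CREDENTIALS, now), anomalous_access(ACCESS_LOG, CREDENTIALS)


if __name__ == "__main__":
    report, alerts = demo()
    for host, info in report.items():
        print(host, info)
    for alert in alerts:
        print("ALERT", alert)
```

The report shows that ai-builder-01 carries one static key with two write grants, which is the item to rotate first; the log check raises three alerts (a static key used from laptop-77, a token reaching outside its grants, and a token used after expiry), each of which maps to one of the checks the text recommends.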
