From Zero-Day to Zero-Hour: How AI Compresses the Vulnerability Lifecycle
Deepak Gupta (guptadeepak.com), Thursday, July 9th, 2026
AI compresses vulnerability discovery-to-exploit from months to hours, collapsing the patch window for defenders.
The article argues AI has collapsed vulnerability discovery and exploitation timelines, cutting what took human researchers 4-12 months down to hours or days.
It cites CrowdStrike's 29-minute average breakout time, Claude Mythos discovering thousands of zero-days, and AI research costing $5-$50 per vulnerability versus $20,000-$80,000 for humans.
With the patch window effectively collapsed, the author recommends automated same-day patching for low-risk systems, 72-hour targets for standard ones, and compensating controls like RASP, WAF virtual patching, and segmentation.
Behavioral detection of post-exploitation activity is emphasized as discovery capability democratizes across smaller models.