BreachWatcher monitors breaches and threat activity around the clock, and one trend is impossible to ignore heading into the second half of 2026: the way vulnerabilities are being discovered, exploited, and weaponized has fundamentally changed. Artificial Intelligence is at the center of that shift, and both defenders and attackers are using it.
What Is a Vulnerability?
A vulnerability is a weakness or flaw in a system's design, implementation, or configuration that a threat actor can exploit to gain unauthorized access, steal information, or cause harm. Vulnerabilities exist in software, hardware, cloud platforms, and increasingly in AI systems themselves.
Most organizations address vulnerabilities through a structured process:
- Identify: Through security assessments, vulnerability scans, or penetration testing.
- Remediate: Through patches, code changes, or configuration updates.
- Retest: To confirm the vulnerability has been resolved.
Historically, organizations had time to work through this cycle. The average window between a vulnerability being published and it being actively exploited in the wild was over 700 days as recently as 2022. That window no longer exists.
How AI Has Changed the Landscape
AI has transformed vulnerability management from two directions simultaneously, accelerating discovery on the defensive side, and accelerating exploitation on the offensive side.
On the defensive side, AI-powered scanning tools and large language models are being used to identify vulnerabilities in code faster than any human team could. This is driving a significant increase in the volume of vulnerabilities being discovered and disclosed.
On the offensive side, attackers are using the same tools to move faster than defenders can respond. AI has compressed the average time-to-exploit from 700 days to as few as 44 days. Today, 28.3% of CVEs are weaponized within 24 hours of public disclosure. A 42% year-over-year increase in zero-days exploited before public disclosure means organizations are being hit by vulnerabilities before a patch even exists.
AI-specific vulnerabilities alone grew 34.6% in 2025, with 2,130 AI-related CVEs recorded. NIST has tracked a greater than 2,000% increase in AI-specific CVEs since 2022. The result is a remediation gap that is widening, not closing. The average time to remediate a known vulnerability is 74 days. Against an attacker operating on a 24-hour timeline, that gap is not a metric, it is an open door.
The Threat Has Evolved Further
Two developments make this more serious than the numbers alone suggest.
First, AI has lowered the barrier to entry for attackers. Skills that once required years of technical training — writing exploits, identifying attack chains, bypassing defenses — can now be assisted by AI tools available for less than $20 per month. Lower-skilled attackers are now capable of executing sophisticated campaigns.
Second, the old practice of prioritizing only High and Critical severity vulnerabilities is no longer sufficient. AI enables attackers to chain multiple lower-rated vulnerabilities together to achieve the same damage as a single critical exploit. A Medium-severity vulnerability that was previously considered low risk may now be the entry point in a multi-stage attack.
What You Should Do
Vulnerability management needs to be treated as a continuous, time-sensitive operation, not a quarterly exercise. Here is where to focus:
- If you do not have a vulnerability management program, build one. Organizations without a structured process for identifying and remediating vulnerabilities are operating blind.
- Review your current program for speed. If your average remediation time exceeds 30 days for High and Critical vulnerabilities, that gap is being actively exploited. Prioritize reducing it.
- Expand your scope beyond High and Critical. AI-enabled attack chaining means Medium and even Low severity vulnerabilities can serve as entry points. Broaden your patching criteria accordingly.
- Include AI systems in your vulnerability scope. If your organization uses AI tools, LLM integrations, or third-party AI APIs, these are part of your attack surface and must be assessed. Test for prompt injection and audit trust boundaries between AI components and the rest of your environment.
- Enable multi-factor authentication across all systems. Many vulnerability exploits succeed because attackers pivot through poorly protected accounts. MFA removes that pivot point.
- Monitor for unusual behavior, not just known signatures. AI-assisted attacks increasingly bypass signature-based detection. Behavioral monitoring, unusual data access patterns, unexpected API calls, lateral movement, is essential.
BreachWatcher will continue monitoring the threat landscape and alerting subscribers when their credentials or data appear in new breaches. As AI continues to reshape both attack and defense, staying informed is the first line of protection.