2 Sources
[1]
AI is set to completely transform cybersecurity -- here's how researchers must prepare
For much of my career in computer science, I viewed the detection of software vulnerabilities as a craft. The best researchers combine technical skill with intuition: the ability to tell whether a software crash was a minor glitch or a sign of a more serious vulnerability. For decades, machines found bugs and humans decided which ones mattered. Now, with the advance of artificial intelligence, that is set to change drastically. My research has focused mostly on building better fuzzers -- automated tools that bombard software with millions of unexpected inputs to uncover bugs. Generating crash reports (detailed files that record the failures) was rarely the difficult part. The real challenge came afterwards. Someone still had to investigate each crash, determine whether it was exploitable, decide if it warranted disclosure, and work out how it could be fixed. But AI is spurring a radical shift in how cybersecurity operates, turning vulnerability research into a scalable process that is powered by models, training data and computing power. There are immense challenges as we navigate this path. Here, I sketch the contours of the emerging landscape and lay out open challenges. AI systems can now do much more than generate code. Models that can reason, use tools and run experiments are increasingly capable of triaging software crashes, identifying root causes, assessing exploitability and even proposing fixes. AI can review code that would otherwise go unexamined and shorten the path from bug discovery to a tested fix. Earlier this year, Mozilla, a technology firm in San Francisco, California, used a frontier AI model to uncover and patch 271 vulnerabilities in its Firefox browser for a single version release -- a lot more than its existing tools and reviewers had found each month over the previous year. The sheer number of vulnerability reports that AI enables is stretching the review capacity of even experienced developers. The Linux kernel, the core open-source software that underpins many computer systems, relies on people reporting bugs. But in May 2026, the team that maintains the Linux kernel responded to a surge of duplicate AI-assisted reports by clarifying how such findings should be submitted. The lesson is not that software maintainers are failing, but that machine-generated reports can easily overwhelm processes built for a world in which vulnerabilities were discovered at human speed.
[2]
How AI could unleash a flood of zero-day vulnerabilities
More than 100 new vulnerabilities are publicly disclosed on an average day, according to Mike Sentonas, president of cybersecurity company CrowdStrike. What was once a trickle has become a torrent, threatening to overwhelm the organizations responsible for keeping critical systems secure. Sentonas, who has worked at CrowdStrike since 2016 and in cybersecurity for more than 20 years, believes the problem has grown so large that major organizations cannot test and install every available fix without risking outages of their own. Security teams are therefore forced to determine which handful of flaws pose the greatest threat. And the problem is likely to get worse. Within months, AI systems capable of finding software bugs at great speed could vastly expand that backlog, while giving attackers the same tools to turn newly discovered flaws into working attacks. "Theoretically, we all wake up and there is just an exponential growth in zero-day vulnerabilities, and there are no patches," Sentonas says. The speed at which AI models can identify zero-day vulnerabilities -- flaws that can be exploited before the software's maker has issued a patch -- may be good news for defenders searching their own systems. But it also means those vulnerabilities can go from hidden in a piece of software to discovered and weaponized far more quickly than before.
Share
Copy Link
AI is set to completely transform cybersecurity as models gain the ability to discover software vulnerabilities at machine speed. Mozilla used AI to uncover and patch 271 vulnerabilities in Firefox—more than previous months combined. But this capability cuts both ways: defenders and attackers alike could soon access tools that identify zero-day flaws faster than organizations can respond, potentially overwhelming critical systems.
For decades, vulnerability research relied on human intuition and expertise. Computer science researchers built automated fuzzers that bombarded software with unexpected inputs, but humans still determined which crashes mattered and how to fix them. AI in cybersecurity is changing that fundamental dynamic. AI systems now possess capabilities that extend far beyond code generation—they can reason, use tools, run experiments, triage software crashes, identify root causes, assess exploitability, and propose fixes
1
.This AI-driven shift represents a fundamental transformation in how security teams operate. What was once a craft requiring technical skill and intuition is becoming a scalable process powered by models, training data, and computing power. The implications stretch across the entire cybersecurity landscape, from how organizations discover flaws to how quickly they can respond
1
.
Source: Fast Company
The practical impact of AI systems capable of rapidly identifying software bugs is already visible. Earlier this year, Mozilla used a frontier AI model to uncover and patch 271 vulnerabilities in its Firefox browser for a single version release—significantly more than its existing tools and reviewers had found each month over the previous year
1
. This dramatic increase demonstrates how AI can review code that would otherwise go unexamined and shorten the path from bug discovery to a tested fix.Yet this capability creates new pressures. The Linux kernel team responded to a surge of duplicate AI-generated bug reports in May 2026 by clarifying submission guidelines. Machine-generated reports can easily overwhelm processes built for a world where software vulnerabilities were discovered at human speed. The lesson isn't that maintainers are failing, but that existing review capacity struggles to keep pace with AI-assisted discovery
1
.More than 100 new vulnerabilities are publicly disclosed on an average day, according to Mike Sentonas, president of CrowdStrike, who has worked in cybersecurity for over 20 years. What was once a trickle has become a torrent, forcing major organizations to prioritize which handful of flaws pose the greatest threat rather than testing and installing every available fix
2
.The situation could deteriorate rapidly. Within months, AI systems capable of finding software bugs at great speed could vastly expand the backlog of zero-day vulnerabilities—flaws that can be exploited before the software's maker has issued a patch. "Theoretically, we all wake up and there is just an exponential growth in zero-day vulnerabilities, and there are no patches," Sentonas warns
2
.Related Stories
The speed at which AI models can identify zero-day vulnerabilities presents a double-edged sword. For defenders searching their own systems, rapid discovery offers advantages. But the dual-use nature of AI means attackers gain access to the same tools, enabling them to turn newly discovered flaws into working attacks far more quickly than before. Vulnerabilities can go from hidden in software to discovered and weaponized at unprecedented velocity
2
.This creates an asymmetric challenge for security teams protecting critical systems. Organizations cannot simply discover more bugs—they must also assess, prioritize, and patch them before adversaries weaponize the same discoveries. The gap between vulnerability disclosure and patching vulnerabilities could narrow to days or even hours, fundamentally altering the economics and timelines of cybersecurity defense. As AI is set to completely transform cybersecurity, the industry must develop new frameworks for managing machine-speed vulnerability discovery before the flood arrives.
Summarized by
Navi
[2]
22 Apr 2026•Technology

22 Jun 2026•Policy and Regulation

25 Jun 2025•Technology

1
Technology

2
Policy and Regulation

3
Business and Economy
