Skip to content

Patch Management Under Pressure: Attackers Use AI for Faster Exploitation

At a glance: The time window between vulnerability disclosure and patch deployment becomes a critical security gap due to AI-accelerated exploitation and patch implementation challenges — approximately one-third of ransomware incidents could have been prevented through patching.

Cybercriminals can convert newly disclosed vulnerabilities into functional attacks within ten hours using AI-powered automation. At the same time, the number of known vulnerabilities is growing rapidly, while patch processes in many organizations face technical and organizational hurdles.

The situation is exacerbated by three converging trends. First, the number of known vulnerabilities (CVEs) grew by approximately 20 percent last year, with around 50,000 new vulnerabilities documented in total. Teams must assess, prioritize, and address this rising flood — a task that stretches even well-resourced organizations to their limits.

Second, attackers are exploiting technology strategically: automated scanning procedures continuously search the internet for newly disclosed vulnerabilities and match them against vulnerable, exposed systems. AI and machine learning automate routine attack preparation, enabling even smaller threat actors to conduct effective operations. Accordingly, exploits can be developed from vulnerability disclosures within ten hours.

Third, successful intruders benefit from extended dwell times on the network: the global median dwell time has risen to 14 days — enough time to collect credentials, navigate laterally through the network, and prepare ransomware. This phase extends because unpatched entry points remain open.

Technical and organizational barriers significantly delay necessary patch cycles. Administrators — particularly in critical sectors such as manufacturing and healthcare — fear that software updates may compromise the availability and stability of production systems. Lack of visibility into risk levels and compatibility, decentralized endpoint infrastructure, and user behavior (delayed reboots, ignored notifications) further complicate standardized patch processes.

A cultural deficit compounds the problem: patch management is understood in many organizations as routine maintenance that can be deferred or performed retroactively. This mindset overlooks the fact that every unpatched system presents an immediate attack surface. According to empirical data, approximately one-third of all ransomware attacks last year began with exploitation of unpatched, preventable vulnerabilities.


Source: www.it-daily.net · Published June 3, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.

Share on: