AI-driven acceleration of exploitation timelines reduces window between vulnerability disclosure and active attacks
Summary
In 2025, threat actors leveraged AI and automation to compress the time between public vulnerability disclosure and exploitation from weeks to days or even minutes, significantly reducing the traditional "predictive window" for defenders. The median time between vulnerability publication and inclusion in CISA’s Known Exploited Vulnerabilities (KEV) catalog decreased from 8.5 days to 5 days, while the mean dropped from 61 days to 28.5 days. The use of AI accelerated reconnaissance, automated decision-making, and industrialized social engineering, enabling rapid weaponization of known weaknesses such as exposed services, weak identity controls, and unpatched edge infrastructure. Confirmed exploitation of high-severity CVEs (CVSS 7–10) rose 105% year-over-year, with deserialization, authentication bypass, and memory corruption flaws most frequently exploited—often against file transfer systems, edge appliances, and collaboration platforms.
Timeline
- 18.03.2026 15:00
Exploitation speed accelerates to near-immediate following vulnerability disclosure in 2025
Rapid7’s analysis shows a collapse in the time-to-exploit window, with the median time from vulnerability disclosure to KEV inclusion dropping to 5 days and mean time to 28.5 days. AI-driven automation is cited as the key driver behind this compression of attacker timelines, enabling rapid discovery and weaponization of vulnerabilities in exposed services, edge devices, and collaboration platforms.
- AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure — www.infosecurity-magazine.com — 18.03.2026 15:00
Information Snippets
- Median time between vulnerability disclosure and KEV catalog inclusion dropped from 8.5 days to 5 days in 2025.
First reported: 18.03.2026 15:00
- AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure — www.infosecurity-magazine.com — 18.03.2026 15:00
- Mean time between vulnerability disclosure and KEV catalog inclusion decreased from 61 days to 28.5 days in 2025.
First reported: 18.03.2026 15:00
- AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure — www.infosecurity-magazine.com — 18.03.2026 15:00
- Confirmed exploitation of CVSS 7–10 vulnerabilities increased 105% year-over-year, from 71 in 2024 to 146 in 2025.
First reported: 18.03.2026 15:00
- AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure — www.infosecurity-magazine.com — 18.03.2026 15:00
- Vulnerability exploitation accounted for 25% of initial access vectors in incident response engagements, with exposed services at 7% and valid account/no MFA at 44%.
First reported: 18.03.2026 15:00
- AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure — www.infosecurity-magazine.com — 18.03.2026 15:00
- Top exploited vulnerability classes in 2025 included deserialization, authentication bypass, and memory corruption flaws.
First reported: 18.03.2026 15:00
- AI-Enabled Adversaries Compress Time-to-Exploit Following Vulnerability Disclosure — www.infosecurity-magazine.com — 18.03.2026 15:00