LLMs find zero-days faster than you can patch
Enterprise
If you still treat vulnerability management as a quarterly housekeeping job, you are already the soft target. The latest research on AI threat readiness is blunt: frontier Large Language Models (LLMs) can now discover and exploit zero-days on their own, chain weaknesses, and move from reconnaissance to working exploit in the time it takes you to book a change window.
What changes in the kill chain
The difference is scale and judgement at machine speed. A public-preview AI agent described in the work scanned over 150,000 production web apps and APIs each week, processed more than 100 billion tokens, and matured to uncover more than 3,000 high and critical exploitable logic flaws weekly. This is not just regex on steroids. The agent maps exposed services, spots shadow APIs, reasons about business logic, and validates exploitability before moving on. Traditional scanners miss this tier of bug because it lives in state transitions, not headers.
Once you accept that, the cloud exposure numbers stop looking like hygiene metrics and start looking like a to-do list for an automated adversary: 30% of environments had at least one externally exposed high-impact machine; 19% exposed software on systems with identity and access management privileges into sensitive assets; 6% had exposed software on machines with paths to administrative privileges. That is a ready-made path: internet-exposed service to shadow API to privileged foothold. AI is good at chaining those steps because it does not get bored, and it does not forget edge cases.
The uncomfortable operational truth
The paper’s four-pillar framework is not revolutionary, but it is unavoidable: use AI to find every exposure, validate what is truly exploitable, push fixes fast, and keep runtime watch with automated containment for high-confidence hits. The details matter. Coverage is everything, because any unknown asset is where the agent will land first. Ownership mapping and routing are not admin chores; they are how you shrink mean time to remediate from weeks to hours. Deep, model-driven code analysis surfaces the ugly, high-impact logic flaws, but it is compute-heavy and throws up complex findings that need human review and clear workflows. That is the price of catching what static analysis skips.
Some will wait for “mature tools” or lean harder on shift-left alone. That is comforting and wrong. Offence has already industrialised discovery. If your defence cannot continuously map, validate and fix at comparable speed, you are betting on attacker mercy. My read: this is not doomerism; it is the economics of automation finally hitting security. Act on speed and breadth, or accept that you are running incident response for someone else’s pipeline.
