Morning Overview

Cybersecurity firms are now calling 2026 ‘the year of AI-assisted attacks’ — as automated tools hunt down and weaponize flaws faster than humans can patch

In early 2024, it took attackers an average of five days to begin exploiting a newly disclosed software vulnerability. Just two years earlier, that window was 32 days. By late 2025, security teams at multiple firms reported seeing exploitation attempts within hours of a flaw going public. Now, heading into mid-2026, the trajectory has prompted several major cybersecurity companies to attach a specific label to this moment: the year of AI-assisted attacks.

The phrase reflects a growing consensus among threat researchers that automated tools, many of them powered by large language models and machine-learning-driven scanning, are compressing the exploit timeline to a point where human-speed patch management simply cannot keep up. CrowdStrike’s 2025 Global Threat Report warned that generative AI was lowering the barrier for less-skilled attackers to craft working exploits, while Palo Alto Networks’ Unit 42 researchers documented cases where proof-of-concept exploit code appeared online within hours of a CVE’s publication, sometimes with signs of automated generation.

The federal data behind the alarm

The strongest public evidence for this acceleration comes from the Cybersecurity and Infrastructure Security Agency. CISA’s Binding Operational Directive 22-01, issued in November 2021 and still actively enforced, was built on a blunt finding: attackers routinely weaponize known software flaws on or within days of public disclosure. The directive created the Known Exploited Vulnerabilities catalog, a running list of flaws with confirmed real-world exploitation, and it requires every federal civilian agency to patch or mitigate each cataloged vulnerability within strict deadlines.

The catalog has grown steadily. As of May 2026, it contains over 1,100 entries, each representing a vulnerability that someone, somewhere, successfully used against a live target. The system was designed to force triage: instead of treating thousands of annual CVEs as equally urgent, agencies must prioritize the ones attackers are actually using. That design choice acknowledged a reality the broader industry has been slower to accept. Most organizations still patch on monthly or quarterly cycles, schedules that were reasonable when exploitation took weeks but are dangerously slow when it takes days or less.

Federal statute backs up the directive’s urgency. Under 44 U.S.C. § 3552, information security is defined as protecting systems against threats to confidentiality, integrity, and availability that can cause serious harm. Its companion, § 3553, assigns agencies explicit duties to detect, report, and respond. Together, these statutes give BOD 22-01 its teeth: known exploited vulnerabilities are treated as active emergencies, not routine maintenance tickets.

Where AI fits into the attack chain

The specific concern for 2026 is not just speed but automation at every stage of the attack chain. Security researchers have outlined a scenario that is no longer hypothetical in its individual components: an AI-driven scanner continuously monitors public vulnerability databases and vendor advisories. Within minutes of a new disclosure, a language model analyzes the technical details, identifies the affected code path, and generates candidate exploit code. A separate automated system tests that code against internet-facing targets discovered through services like Shodan or Censys. The entire sequence, from disclosure to attempted compromise, can theoretically complete before most security teams have finished reading the advisory.

Parts of this pipeline already exist in the open. Automated fuzzing tools have been generating crash-triggering inputs for years. GitHub repositories regularly host proof-of-concept exploits within a day of major CVE announcements. What AI adds is the connective tissue: the ability to move from a written vulnerability description to working exploit code without a skilled human researcher spending hours or days on reverse engineering. Google’s Mandiant division reported that the average time-to-exploit for vulnerabilities dropped to five days in 2023, and researchers there noted that the trend was accelerating, not stabilizing.

No publicly available federal dataset yet isolates how much of the current exploitation speed is attributable to AI-driven tools versus conventional methods. CISA’s directive documents that exploitation happens rapidly but does not break out the role of machine learning or automated exploit generation. That gap matters because the “year of AI-assisted attacks” framing implies a qualitative shift in attacker capability, not simply more of the same at higher volume.

The gap outside the federal perimeter

BOD 22-01 applies only to federal civilian executive branch agencies. Private companies, hospitals, school districts, water utilities, and state and local governments face no equivalent binding mandate. CISA encourages all organizations to use the KEV catalog as a prioritization tool, but compliance outside the federal workforce is voluntary.

That distinction creates a two-tier reality. Federal agencies, whatever their other challenges, at least operate under enforceable deadlines and centralized oversight. A hospital system in rural Ohio or a municipal water authority in Texas has no regulatory requirement to patch a KEV-listed vulnerability within any specific timeframe. Many lack dedicated security staff entirely. If AI-assisted tools do compress the exploit window to hours, these organizations sit squarely in the blast radius.

The scale of the broader vulnerability landscape compounds the problem. The National Vulnerability Database processed over 40,000 new CVEs in 2024, and the volume has continued to climb. Even with the KEV catalog narrowing the priority list, defenders outside the federal system must make triage decisions with fewer resources, less visibility, and no external enforcement mechanism pushing them to act quickly.

What defenders are doing now

Some organizations are not waiting for the threat to fully materialize. Larger enterprises have begun deploying AI-driven defensive tools that monitor for anomalous network behavior, predict which systems are most likely to be targeted based on exposure data, and automate patch testing to shorten deployment cycles. The logic mirrors the attacker’s advantage: if machines can find and exploit flaws faster than humans, machines also need to be part of the defense.

CISA itself has signaled interest in this direction. The agency’s ongoing work on automated threat sharing and its push for software bills of materials (SBOMs) are both designed to give defenders faster, more granular information about what is running in their environments and what is vulnerable. Whether these initiatives will move quickly enough to match the pace of AI-assisted offense is an open question, but the policy infrastructure is being built.

For organizations without large security budgets, the most practical step remains aligning patch management with the KEV catalog. Treating every new KEV entry as a fire drill rather than a scheduled task is a meaningful shift in posture, and it is one that requires process changes more than technology investments. Building the ability to respond within days, not weeks, to high-risk disclosures is justified by the exploitation patterns already observed, regardless of whether AI becomes the dominant driver.
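One way to put that alignment into practice, shown as an added example that is not part of the original article: match scanner findings against the KEV catalog and order the matches by deadline. The field names follow CISA's public KEV JSON feed; the CVE IDs, hosts, and the three-day window for internet-facing systems are constructed assumptions.

```python
import json
from datetime import date, timedelta

# Constructed sample in the shape of the KEV JSON feed; CVE IDs are placeholders.
KEV_FEED = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dateAdded": "2026-05-04", "dueDate": "2026-05-25",
   "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "dateAdded": "2026-04-01", "dueDate": "2026-04-22",
   "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-0000-0003", "dateAdded": "2026-05-10", "dueDate": "2026-05-31",
   "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner findings: (host, CVE, internet_facing). Hypothetical hosts.
FINDINGS = [
    ("web-01", "CVE-0000-0001", True),
    ("db-02", "CVE-0000-0002", False),
    ("hr-app", "CVE-0000-0009", True),  # not in KEV: stays on the normal cycle
    ("vpn-gw", "CVE-0000-0003", True),
]

def kev_triage(feed, findings, today, exposed_sla_days=3):
    """Return KEV-matched findings, most overdue first.

    exposed_sla_days is an assumed local policy: internet-facing hosts get
    a deadline of dateAdded + N days when that is earlier than dueDate.
    """
    kev = {v["cveID"]: v for v in feed["vulnerabilities"]}
    queue = []
    for host, cve, exposed in findings:
        entry = kev.get(cve)
        if entry is None:
            continue  # no confirmed exploitation on record
        added = date.fromisoformat(entry["dateAdded"])
        deadline = date.fromisoformat(entry["dueDate"])
        if exposed:
            deadline = min(deadline, added + timedelta(days=exposed_sla_days))
        queue.append({
            "host": host, "cve": cve, "deadline": deadline,
            "days_left": (deadline - today).days,
            "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
        })
    # Nearest or most overdue deadline first; ransomware-linked breaks ties.
    queue.sort(key=lambda f: (f["days_left"], not f["ransomware"]))
    return queue

if __name__ == "__main__":
    for f in kev_triage(KEV_FEED, FINDINGS, today=date(2026, 5, 12)):
        print(f["host"], f["cve"], f["deadline"], f["days_left"])
```

A negative `days_left` means the deadline has already passed; findings with no KEV match drop out of this queue and remain on the regular patch schedule.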

A stress test already underway

The 2026 label is best understood not as a fixed prediction but as a stress test for current defenses. If AI-assisted exploitation scales the way vendors anticipate, BOD 22-01 and its statutory foundations will be judged by whether they enabled agencies to move fast enough and share lessons with the broader ecosystem. If the worst projections do not materialize, the same framework will still have pushed organizations toward a more disciplined, data-driven approach to vulnerability management.

Either way, the verified evidence already points to a conclusion that does not require any projection at all: the era in which defenders could treat patching as a low-tempo, back-office function is over. The systems, policies, and habits built right now will determine how well organizations weather whatever form AI-enabled attacks ultimately take. The window between a flaw becoming public and that flaw becoming a weapon has been shrinking for years. The question for 2026 is whether it finally closes to zero.


*This article was researched with the help of AI, with human editors creating the final content.