Artificial intelligence is no longer just a productivity tool for writing emails, summarizing documents, or helping employees code faster. In cybersecurity, AI is becoming a weapon that can help attackers find software flaws faster, scale old techniques, and reduce the time companies have to respond before a vulnerability becomes an entry point.
The warning is already appearing in breach data. Verizon’s 2026 annual data breach report found hackers are increasingly using AI to detect software vulnerabilities, shortening the time targets have to respond to threats.
Verizon’s 2026 Data Breach Investigations Report said 31% of breaches now start with software vulnerabilities, beating stolen passwords as the top way attackers get in.
That shift matters because it changes the rhythm of cyber defense. For years, many organizations focused heavily on stolen credentials, phishing, and password theft. Those risks remain serious, but AI is making vulnerability exploitation faster and more scalable. Attackers are not only tricking people anymore; they are increasingly hunting weaknesses in the systems themselves.
AI Is Speeding Up the Attack Timeline
The most important cybersecurity change is speed. A vulnerability that once gave companies weeks or months to patch may now become dangerous much faster if AI tools help attackers identify where the flaw exists, how it can be reached, and how it might be exploited.
Reuters reported that Verizon found threat actors using generative AI at different stages of attacks, including targeting, initial access, and the development of malware and other tools. AI is helping attackers accelerate the time needed to exploit known vulnerabilities, shrinking the defense window from months to mere hours.
This does not mean AI has invented an entirely new form of hacking overnight. In many cases, it makes familiar methods faster. An attacker may still look for exposed systems, weak configurations, outdated software, or known vulnerabilities.
The difference is that AI can help automate research, summarize technical documentation, generate code, and adapt attack steps more quickly.
That is why cybersecurity teams are worried. If attackers move faster, defenders cannot rely on slow patch cycles, delayed risk assessments, or manual review processes.
The old security model of discovering a bug, ranking it, discussing it, testing a patch, and deploying it weeks later may not be enough in an AI-accelerated environment.
Research Shows AI Agents Can Exploit Real Vulnerabilities
Academic research has also started to show why this issue is serious.
A 2024 research paper titled “LLM Agents can Autonomously Exploit One-day Vulnerabilities” found that GPT-4 could exploit 87% of tested one-day vulnerabilities when given the CVE description. GPT-3.5, open-source models, and common vulnerability scanners such as ZAP and Metasploit achieved 0% on the same tested set, according to the researchers.
That finding is important because “one-day” vulnerabilities are already publicly known, but not always patched everywhere. In real life, that is often where attackers operate. Once a vulnerability is disclosed, organizations must move quickly before attackers turn public information into working attacks.
Another study raised the stakes further. The paper “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities” said teams of AI agents could exploit real-world zero-day vulnerabilities by using a planning agent that launches subagents. The researchers reported that their multi-agent system improved over prior work by up to 4.5 times on a benchmark of 15 real-world vulnerabilities.
The scientific reason this matters is that AI agents can divide complex work into smaller tasks. One agent can inspect code, another can search documentation, another can test an assumption, and another can plan next steps.
That structure begins to resemble a small automated security team. In the hands of defenders, it can help find and fix flaws. In the hands of attackers, it can make vulnerability exploitation more efficient.
Malware Is Starting to Use AI During Execution
AI misuse is not limited to research demonstrations.
Google Threat Intelligence Group reported that adversaries are no longer using AI only for productivity gains but are deploying novel AI-enabled malware in active operations. Google’s report identified malware families such as PROMPTFLUX and PROMPTSTEAL that use large language models during execution to generate malicious scripts, alter behavior, and create functions on demand.
This is a more advanced kind of risk. Traditional malware often contains prewritten code that defenders can analyze, detect, and block. AI-enabled malware can potentially change its behavior depending on the environment, instructions, or defensive tools it encounters.
State-sponsored actors from North Korea, Iran, and the People’s Republic of China continue to misuse generative AI tools across reconnaissance, phishing lure creation, command-and-control development, and data exfiltration. That means AI is not only helping with technical exploitation. It is also strengthening the full attack chain, from choosing victims to writing more believable messages and supporting later-stage operations.
The Same AI Can Help Defenders Patch Faster
The story is not entirely one-sided. AI can also help defenders find and repair vulnerabilities faster.
A research paper on automated vulnerability patching using large language models introduced LLMPATCH and reported stronger performance than baseline prompting methods and non-LLM patching techniques. The same study said LLMPATCH successfully patched 7 out of 11 zero-day vulnerabilities in its evaluation.
That defensive potential is why companies are not simply trying to block AI from cybersecurity work. They are trying to control it. AI can help review code, triage alerts, generate test cases, explain vulnerabilities, and propose patches. But those benefits only matter if organizations can verify the outputs, prevent unsafe automation, and keep sensitive code from leaking into uncontrolled tools.
The World Economic Forum captured this tension clearly. The Global Cybersecurity Outlook 2026 said 94% of survey respondents expected AI to be the most significant driver of change in cybersecurity in the year ahead. In the same survey, 87% of respondents identified AI-related vulnerabilities as the fastest-growing cyber risk over the course of 2025.
Governments and Companies Are Racing to Adjust
The emerging cybersecurity race is forcing governments and companies to rethink timelines. A world where vulnerability exploitation can move from months to hours requires faster patching, better asset inventories, stronger software testing, and more serious controls around AI use.
Reuters reported that Verizon chief information security officer Nasrin Rezai said organizations need to “fight AI with AI” by incorporating it into software development, testing, and cyber defense processes at a new scale. That statement reflects the practical reality facing security teams: defenders cannot manually fight an automated threat landscape forever.
But racing to adopt AI also creates another problem. Reuters reported that Verizon found “Shadow AI,” or unauthorized AI use, has become the third most common non-malicious insider action in data loss incidents. In other words, employees using AI tools without approval may accidentally expose source code, images, or structured data.
This is the contradiction at the heart of AI cybersecurity. Companies need AI to defend themselves faster, but careless AI use can create new security gaps. Attackers can use AI to find weaknesses, but defenders can use the same class of tools to patch them. Governments want innovation, but they also worry that powerful models could make cyberattacks easier to scale.
AI is not replacing cybersecurity fundamentals. Organizations still need patching, identity controls, backups, monitoring, secure coding, and incident response. But AI is changing the speed and scale of the fight. Software flaws are becoming more dangerous because the time between discovery and exploitation is shrinking.
The lesson is clear: AI is no longer only a tool that helps people work faster. In cybersecurity, it is becoming part of the battlefield itself.