AI Helps With Vulnerability Detection AND Exploitation – Why Patching Remains Vital
AI is accelerating vulnerability discovery for defenders and attackers alike. Security teams can now identify weaknesses faster, but threat actors can use the same speed to find and exploit unpatched gaps.
That makes vulnerability management a much sharper race. As disclosure, weaponisation and patching timelines compress, organisations need to move quickly not just to find risks, but to reduce them before someone else does. At the same time, AI tools and integrations are introducing new attack surfaces of their own, adding fresh urgency to patching, asset visibility and tighter control over how these systems are used.
In this blog post, we address real cases of vulnerability discovery with AI but also how these very same tools get exploited by threat actors to expedite cyber attacks.
What's Happening With AI and Vulnerabilities
Despite how hacking is portrayed in Hollywood movies, what’s behind a cyberattack can be outright boring yet incredibly effective. Admin work that didn’t get done today quickly becomes a cyber security incident. We’ve talked about the importance of patching before in this blog post.
Staying on top of vulnerabilities is basically a race against three clocks:
- The disclosure clock (when the world learns the bug exists)
- The weaponisation clock (when someone turns it into a working exploit)
- The patch clock (when you actually deploy the fix everywhere it matters)
Unfortunately, you as a defender only control the third clock, and even that control is partial unless patching and asset visibility are genuinely mature.
The Gap Is Shrinking
Two recent stories show why the gap between “found” and “exploited” keeps getting smaller.
AI Is Supercharging Vulnerability Discovery
Anthropic reported that Claude Opus 4.6 identified 500+ previously unknown high-severity vulnerabilities in major open-source libraries, with humans validating findings to avoid hallucinations.
That is good news for defenders… with an asterisk the size of a data centre.
Open-source software underpins everything from internal tooling to customer-facing platforms. Many projects are maintained by tiny teams with limited time, meaning faster discovery is only safer if organisations can translate findings into patches, updates, and mitigations quickly. Otherwise, discovery simply moves the starting gun earlier for attackers too.
Ironically, according to IBM’s X-Force Threat Intelligence Index 2026, AI has also driven a 44% increase in cyberattacks, with threat actors using those very AI vulnerability-scanning capabilities, combined with insufficient authentication controls, to speed up their work. Shockingly, for over half (56%) of known vulnerabilities, authentication wasn’t even necessary, putting an even greater emphasis on timely patching and compensating controls (see the summary at the end of this article).
AI Workflows Are Creating Fresh Attack Surfaces
Then there’s the other side of the coin: AI integrations or assistants serving as an easy entry point for attackers.
Just last week, Anthropic reported a critical vulnerability in its AI-powered command-line development tool, Claude Code. If exploited via project configuration files, it could enable attackers to execute code remotely and steal Anthropic API keys. While this vulnerability has been patched, it’s only a matter of time until we hear about the next AI integration flaw.
At the beginning of February, researchers described a zero-click remote code execution path involving Claude Desktop Extensions, where a maliciously crafted Google Calendar event could lead an AI agent to chain low-trust input into high-privilege actions. The report highlights lack of sandboxing and a trust boundary failure in how extensions interact with the host machine – essentially with full access.
Microsoft reported a bug in Copilot, first detected on January 21, that let it read and generate summaries of some users’ emails stored in Outlook Drafts and Sent Items despite those emails being labelled “confidential” or supposedly being protected by sensitivity labels and data loss prevention (DLP) policies. While, according to Microsoft, “this did not provide anyone access to information they weren’t already authorized to see”, it does show that hastily integrated AI features can become a data protection problem.
In June last year, a patch was issued for a reported attack chain abusing Copilot’s retrieval flow so that malicious instructions embedded in content (like an email) could cause Copilot to automatically exfiltrate sensitive data from its M365 context, without user interaction or awareness. This was covered in security reporting tied to CVE-2025-32711 and described as “zero-click” in that framing. This is problematic because Copilot’s whole job is to fetch and summarise from mail/documents/chats. If it's allowed to pull from a wide set of sources (because users and groups are over-permissioned), prompt injection becomes a data-harvesting tool.
This is the new game: it goes beyond the simple question “is the software vulnerable?” to actively asking “can an AI-driven workflow be nudged into doing something dangerous using normal-looking data?”
The vulnerabilities listed here are just a few of what we’ve seen in the last few months.
Problems like these will only increase because more and more AI tools are being integrated with software we’re already using, with a whole new generation of AI browsers now also making its way onto computers around the world.
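The retrieval and over-permissioning problem described above can be reduced to two checks, shown here as an added example that is not Copilot’s or any vendor’s code: retrieval is narrowed to what the requesting user may actually read (least privilege, independent of how wide the index is), retrieved text is labelled as untrusted data before it reaches the model, and any tool call the model proposes is checked against an allow list so that instructions hidden in an email cannot turn the assistant into a data-harvesting tool. The users, documents, domains and tool calls are constructed sample data.

```python
"""
Added example, not Copilot's or any vendor's code: a minimal policy gate for an
AI assistant that retrieves documents and may call tools. It models two of the
post's defensive points: retrieval scoped to the requesting user's own
permissions (least privilege), and an allow list on model-proposed tool calls so
that instructions hidden in retrieved content cannot cause data to be sent to
arbitrary destinations. All users, documents, domains and tool calls below are
constructed sample data.
"""
from dataclasses import dataclass, field


@dataclass
class Document:
    doc_id: str
    reader_groups: set      # groups permitted to read this document
    sensitivity: str        # e.g. "general" or "confidential"
    text: str


@dataclass
class ToolCall:
    name: str
    args: dict


@dataclass
class Policy:
    allowed_tools: set = field(default_factory=set)
    allowed_recipient_domains: set = field(default_factory=set)
    sensitivity_hidden_from_model: set = field(default_factory=set)


def retrieve(index, user_groups, policy):
    """Return only documents the *requesting user* may read and the policy permits.
    The index itself may be over-permissioned; this is the check that narrows it."""
    groups = set(user_groups)
    return [
        d for d in index
        if d.reader_groups & groups
        and d.sensitivity not in policy.sensitivity_hidden_from_model
    ]


def wrap_as_data(docs):
    """Label retrieved text as untrusted data before it reaches the model, so it
    is not confused with instructions from the user or the system prompt."""
    return [f"<retrieved id={d.doc_id} trust=untrusted>{d.text}</retrieved>" for d in docs]


def check_tool_call(call, policy):
    """Gate a model-proposed tool call. Returns (allowed, reason)."""
    if call.name not in policy.allowed_tools:
        return False, f"tool {call.name!r} is not on the allow list"
    if call.name == "send_email":
        recipient = str(call.args.get("to", ""))
        domain = recipient.rsplit("@", 1)[-1].lower() if "@" in recipient else ""
        if domain not in policy.allowed_recipient_domains:
            return False, f"recipient domain {domain!r} is not on the allow list"
    return True, "allowed"


# Constructed sample data (hypothetical groups, documents and domains).
INDEX = [
    Document("mail-1", {"finance"}, "general", "Q3 summary: revenue up, costs flat."),
    Document("mail-2", {"finance"}, "confidential", "Draft board pack, do not circulate."),
    Document("mail-3", {"hr"}, "general", "Onboarding checklist for new starters."),
]
POLICY = Policy(
    allowed_tools={"summarise", "send_email"},
    allowed_recipient_domains={"example.com"},
    sensitivity_hidden_from_model={"confidential"},
)

if __name__ == "__main__":
    docs = retrieve(INDEX, ["finance"], POLICY)
    print(wrap_as_data(docs))
    for call in (ToolCall("send_email", {"to": "cfo@example.com"}),
                 ToolCall("send_email", {"to": "drop@example.net"}),
                 ToolCall("delete_file", {"path": "/tmp/report.txt"})):
        print(call.name, check_tool_call(call, POLICY))
```

The point of the design is that the model never decides its own permissions: what it can see is bounded by the user’s access plus a sensitivity floor, and what it can do is bounded by a tool and destination allow list that is evaluated outside the model. Logging every rejected tool call gives the monitoring signal the post calls for.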
Microsoft 365 and Fast Exploitation
In late January 2026, Microsoft issued out-of-band patches for an Office zero-day (CVE-2026-21509) that was already being exploited in attacks: a remote code execution flaw that bypasses Object Linking and Embedding (OLE) mitigations in Microsoft 365 and Office.
That is the pattern to pay attention to: exploitation is not politely waiting for your next maintenance window.
In February 2026, Microsoft’s updates also included additional publicly disclosed and exploited issues, including an OLE mitigation bypass affecting Microsoft 365 and Office (CVE-2026-21514).
The Consequences Don’t Stay Isolated to IT
When vulnerability management slips, it impacts the entire business:
- Operational disruption: emergency patching, service degradation, incident response overhead.
- Data exposure risk: vulnerabilities frequently become the entry point for credential theft, lateral movement, or ransomware.
- Compliance and contractual pain: customers increasingly expect evidence of timely patching and risk treatment.
- Reputational damage: stakeholders learning that you were patching slowly.
What’s important to remember: none of this requires elite attackers. It just requires you to be running something unpatched that others have already noticed.
What To Do
This is not about patching everything instantly but rather about building a system that makes speed normal.
1) Know what you run. You cannot patch what you cannot see. An asset inventory (endpoints, servers, cloud services, SaaS integrations, extensions) is the foundation.
2) Triage by exploitability, not just the Common Vulnerability Scoring System (CVSS). “Actively exploited” and “reachable in your environment” matter more than CVSS. The Office zero-day example shows why.
3) Shrink time-to-remediate with automation. Patch orchestration, staged rollouts, and clear exception handling reduce the human bottleneck.
4) Treat AI agents and extensions as privileged software. If a tool can read calendars, files, tokens, or run commands, it deserves the same scrutiny as any admin utility: sandboxing, least privilege, allow lists, and monitoring. The Claude Desktop Extensions case exemplifies why it’s necessary.
5) Build compensating controls for the time before you get to patching. When patching takes time: isolate systems, restrict macro and OLE pathways, tighten email and web filtering, and monitor for known exploitation patterns.
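Steps 1, 2 and 5 above can be wired together in a small triage routine. The following is an added example, not code from the post or from any vendor’s scanner: it matches findings against an asset inventory, ranks them by “actively exploited” and “reachable in your environment” ahead of raw CVSS, and pairs each with a first action (out-of-cycle patch, compensating controls, or scheduled rollout). The inventory, findings, known-exploited list and weights are constructed sample data with placeholder CVE ids.

```python
"""
Added example, not code from the post or from any vendor's scanner: a small
triage routine that ranks findings by exploitation evidence and reachability
ahead of raw CVSS, and assigns a first action to each. Inventory, findings and
the known-exploited list are constructed sample data with placeholder CVE ids;
the weights are illustrative assumptions, not a published scoring scheme.
"""
from dataclasses import dataclass


@dataclass
class Asset:
    name: str
    software: str           # product key matched against findings
    internet_facing: bool
    business_critical: bool


@dataclass
class Finding:
    cve: str
    software: str
    cvss: float
    patch_available: bool


# Illustrative weights (assumption): exploitation evidence outranks severity.
W_EXPLOITED = 10.0
W_INTERNET_FACING = 5.0
W_BUSINESS_CRITICAL = 3.0


def reachable_assets(finding, inventory):
    """Step 1: a finding only matters where the affected product is actually deployed."""
    return [a for a in inventory if a.software == finding.software]


def triage(finding, inventory, known_exploited):
    """Step 2 and 5: return (score, reasons, action) for one finding."""
    assets = reachable_assets(finding, inventory)
    if not assets:
        return 0.0, ["not present in inventory"], "no action"
    score = finding.cvss
    reasons = [f"CVSS {finding.cvss}"]
    exploited = finding.cve in known_exploited
    if exploited:
        score += W_EXPLOITED
        reasons.append("actively exploited")
    if any(a.internet_facing for a in assets):
        score += W_INTERNET_FACING
        reasons.append("internet-facing asset")
    if any(a.business_critical for a in assets):
        score += W_BUSINESS_CRITICAL
        reasons.append("business-critical asset")
    if exploited and finding.patch_available:
        action = "patch now (out of cycle)"
    elif exploited:
        action = "compensating controls until a patch exists"
    elif finding.patch_available:
        action = "patch in next staged rollout"
    else:
        action = "track vendor advisory"
    return score, reasons, action


def prioritise(findings, inventory, known_exploited):
    """Rank all findings, highest score first."""
    rows = []
    for f in findings:
        score, reasons, action = triage(f, inventory, known_exploited)
        rows.append({
            "cve": f.cve, "score": score, "reasons": reasons, "action": action,
            "assets": [a.name for a in reachable_assets(f, inventory)],
        })
    return sorted(rows, key=lambda r: r["score"], reverse=True)


# Constructed sample data (placeholder CVE ids, not real advisories).
INVENTORY = [
    Asset("laptop-042", "office-suite", internet_facing=False, business_critical=False),
    Asset("web-01", "web-server", internet_facing=True, business_critical=True),
    Asset("build-03", "ci-runner", internet_facing=False, business_critical=True),
]
FINDINGS = [
    Finding("CVE-0000-0001", "office-suite", cvss=7.8, patch_available=True),
    Finding("CVE-0000-0002", "web-server", cvss=9.1, patch_available=True),
    Finding("CVE-0000-0003", "database", cvss=9.9, patch_available=True),
    Finding("CVE-0000-0004", "ci-runner", cvss=6.5, patch_available=False),
]
KNOWN_EXPLOITED = {"CVE-0000-0001", "CVE-0000-0004"}

if __name__ == "__main__":
    for row in prioritise(FINDINGS, INVENTORY, KNOWN_EXPLOITED):
        print(f"{row['cve']} {row['score']:5.1f} {row['action']:<45} "
              f"{', '.join(row['reasons'])}")
```

With this sample data the highest-CVSS finding (9.9) lands at the bottom because nothing in the inventory runs it, while a 6.5 that is actively exploited on a business-critical build runner with no patch available comes out on top and is routed to compensating controls rather than a patch queue. Swapping in a real inventory export and a real exploited-vulnerability feed is the only change needed to use the same logic in practice.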
The Strategic Takeaway
We are moving into a world where:
- AI speeds up vulnerability discovery in widely used codebases.
- AI-driven tools introduce new trust boundary failures and automation risks.
- Exploitation can start before the average organisation has even finished its internal triage.
So, vulnerability management stops being a background IT function and becomes a core resilience capability.
The organisations that win are the ones with the shortest distance between “we learned about the risk” and “we reduced the risk”.
Stay safe out there.