
90-day vulnerability disclosure may be dead due to AI, leaving systems exposed to zero-day attacks

tomshardware.com 2026-05-12 Bruno Ferreira
Tags: cybersecurity, AI, vulnerability disclosure, zero-day attack, code scanning, AI security, Linux vulnerability, software security, system protection, security research, vulnerability management, developer tools
News Summary
As artificial intelligence rapidly evolves, traditional cybersecurity mechanisms are facing unprecedented challenges. Security researcher Himanshu Anand argues that the conventional 90-day vulnerabili...
Industry Analysis
AI is collapsing the vulnerability disclosure timeline from a 90-day window to real-time response. LLM-powered code scanning renders traditional patch cycles obsolete, especially for critical infrastructure like the Linux kernel. Upstream, frameworks such as React must embed AI-native security hooks or become attack vectors; downstream, chipmakers will need dynamic firmware-level validation. Compliance costs surge as firms reclassify all critical flaws as P0, disproportionately burdening SMEs reliant on open-source stacks. Microsoft and Google may deploy proprietary AI security agents to create walled defense ecosystems, while Apple could leverage vertical integration for end-to-end exploit mitigation. Within 12–24 months, expect mandatory AI-verifiable vulnerability SLAs for critical software—failure to comply risks exclusion from public procurement.
This page displays AI-generated summaries and metadata for research purposes. Original content belongs to the respective publishers.