Has AI Turned Zero Days Into Zero Hour?
Yes. It Was Inevitable. And It’s Just the Beginning: The Age of Continuous Resilience Is Here
I have spent three decades navigating seismic changes in cybersecurity. Each disruption, from the dawn of the firewall to the promises (and pitfalls) of automated patch management, reminded us that innovation never pauses, and neither do threat actors. Vendors have long made outsized claims, and while some advances have been oversold, others have fundamentally reset what’s possible in our field. Claude Mythos is not the first milestone, and it will not be the last.
What we're seeing now with Claude Mythos is a powerful validation of what we've predicted: technological disruption is constant, AI will accelerate it, and resilience is not optional. While this moment is unprecedented, we've known for years that business continuity, ongoing resilience, and the necessity of automation in security operations are critical to staying ahead. Automated patching has always been part of this philosophy.
Anthropic’s recent announcement of the Claude Mythos Preview is one example of an accelerating trend. In just weeks, this AI model identified thousands of zero-day vulnerabilities spanning every major operating system and browser, including a bug that lived unnoticed in OpenBSD’s TCP stack for 27 years. Every human reviewer and automated fuzzer overlooked it. Mythos also surfaced a 16-year-old flaw in FFmpeg and several Linux kernel vulnerabilities. These discoveries reinforce a broader industry trend, not a singular anomaly. As AI keeps revealing more hidden gaps, the case for always-on resilience and automated patching grows stronger than ever.
Autonomous exploit development at this speed and scale is not an unforeseen leap. It is the next milestone in an accelerating pattern we have predicted and prepared for. Mythos demonstrated a 72.4% exploit success rate, autonomously building exploits for under $2,000 apiece in less than a day, while previous models barely made an impact. This isn’t a one-time surge in capability; it’s further proof that the threat landscape continues to shift radically, reinforcing what we’ve maintained: this won’t be the last or even largest surge, and relying on incremental improvement is a formula for radically increased risk. As attackers leverage automation, resilience built on continuous, automated patching has to be the new standard for organizations that intend to withstand what comes next.
The Shrinking Window of Remediation
For IT leaders, these numbers highlight a critical new reality. The exact same capability that finds hidden vulnerabilities can build the attacks used to exploit them.
Historically, the window between a vulnerability being discovered and an adversary exploiting it has been measured in months. Security and IT Ops teams had breathing room. Now, that window has collapsed from months to mere hours.
Think about how a standard enterprise IT department operates right now. A vendor releases an update on Patch Tuesday. The security team reviews the patch on Wednesday. Testing begins the following week. User Acceptance Testing happens next. Then comes the Change Advisory Board meeting. Finally, a deployment window gets booked for two weekends away.
The industry average time to patch still hovers around 30 days. And the 2026 Resilience Risk Index report shared that, in many cases, it is much longer than 30 days. I have seen massive Fortune 500 environments take 60 to 90 days to roll out critical updates.
That timeline always carried risks. But now, the minute a patch or fix is released, attackers are handed a blueprint to reverse engineer the vulnerability. If you don’t patch faster than they can exploit, you’ve already lost the race.
Anticipating This Shift
This shift might sound intimidating, but it does not need to be a source of panic. At Absolute, working with our customers has given us unique insight into this shift: as AI capabilities grow, they inherently increase certain security risks by accelerating the speed of threat actors. We knew this acceleration was inevitable.
We also know that the best defense against automated, AI-driven threats is automated, intelligent defense.
A tsunami of patches is heading our way. Vendors will ship dramatically more updates because AI tools will find flaws that would have otherwise stayed hidden for another decade. Every one of those new patches becomes analyzable by an attacker’s AI in a matter of hours. The attackers do not even need access to Mythos specifically. They just need a frontier AI model and the time your organization takes to maneuver through standard testing cycles.
For twenty years, security professionals have shared a valid concern about auto-deploying patches. They worry about regressions. They worry about system compatibility. They worry about the core business application that breaks every time a specific DLL gets updated. I understand these concerns deeply because I built companies around solving these problems.
But the risk calculation has fundamentally flipped. The old equation weighed the risk of a bad patch against the risk of exploitation. That logic worked perfectly when many exploits simply remained un-discovered and exploitation of those that were discovered took several weeks. It completely falls apart when discovery is accelerating even as exploitation time has dropped to mere hours.
Securing Your Future with Autonomous Patching
If your patching strategy assumes human teams have the time to carefully deliberate over every update before it ships, you are operating on borrowed time.
The organizations that thrive in this new era will be the ones that deploy AI-driven systems to counter AI-driven threats. They will use systems that automatically analyze patches. They will test those patches against digital twins of their environment. They will deploy updates to canary groups to monitor performance, and they will roll those updates forward or pull them back automatically based on real-time data.
No more waiting for the next advisory board meeting. No more enduring a static two-week testing cycle. The answer is continuous, intelligent patching.
Solutions in this category are designed to help organizations maintain security and operational continuity without the delays that traditionally introduce risk.
Our platform empowers organizations to maintain seamless security and operational continuity without the traditional delays that leave networks exposed.
Resilience for Automation helps ensures your core applications and security controls remain healthy and functional. It monitors your mission-critical applications to help ensure they are running exactly as intended. If a patch deployment causes an issue, or if a security tool stops functioning, the system can self-heal and return your environment to a known good state.
This enables organizations to move faster without compromising stability, even as the volume and velocity of change continue to increase.
Embracing the AI Era
The technology required to defend against these rapid-fire threats exists right now. What remains is for organizations to find the confidence to update processes that have been standard practice for two decades.
Threat actors are not waiting for your advisory boards to approve the next deployment. They are already leveraging AI to move faster than ever before.
You do not have to face this transition alone. We have built the infrastructure you need to confidently adapt to this new reality. By embracing automated patching and self-healing technologies, you can outpace the threats and secure your environment against whatever comes next.
Let us help you build a resilient, automated future. Because when it comes to keeping your organization secure, speed and resilience are your greatest assets.
