Cogent — AI exploit dev shrinks weaponization from 125 days to 12 hours
AI relevance: AI-assisted exploit development has reduced the time from vulnerability discovery to weaponized exploit from 125 days to 12 hours — collapsing the window between CVE publication and in-the-wild exploitation, which directly impacts how fast AI/agent infrastructure operators must patch.
What happened
Cogent, an AI-native cybersecurity firm, released analysis showing that AI-assisted exploit development has fundamentally compressed vulnerability-to-weaponization timelines.
- The average timeline from vulnerability disclosure to functional exploit has dropped from 125 days to approximately 12 hours.
- This renders traditional scanner-based detection cycles — which operate on multi-day update intervals — largely obsolete for critical vulnerabilities.
- Proofpoint separately reported 12 actively exploited CVEs in 2026, compared to eight currently listed in CISA's Known Exploited Vulnerabilities catalog.
- The compression is driven by LLM-assisted vulnerability analysis, automated proof-of-concept generation, and rapid exploit tooling production.
Why it matters
For AI infrastructure operators, the implications are direct: model serving stacks (vLLM, LiteLLM), MCP gateways, and agent orchestration platforms are often deployed with default configurations and limited patch velocity. The BadHost/CVE-2026-48710 flaw in Starlette (published yesterday) is a concrete example — affecting thousands of AI agent deployments, with exploits now trivially within reach of anyone using current AI coding assistants to draft PoCs. The patch window that was once measured in weeks is now measured in hours.
What to do
- Reduce patch SLAs for critical vulnerabilities in AI infrastructure components from weeks to 24 hours.
- Deploy behavioral monitoring (WAF rules, rate limiting, anomaly detection) around AI infrastructure endpoints — not just signature-based scanners.
- Implement network segmentation between model-serving infrastructure and internet-facing surfaces.
- Subscribe to real-time vulnerability intelligence feeds rather than relying on weekly scanner updates.