The Patch Window Collapsed—And Nobody Was Ready

For decades, the cybersecurity industry has operated on a fundamental assumption: organisations have time. Time to patch after disclosure. Time to assess risk. Time to test updates before deployment. Mandiant’s M-Trends 2026 report has buried that assumption.

The headline is stark: the median time between public CVE disclosure and the first working exploit is now just 10 hours. Even more alarming, 28.3% of disclosed vulnerabilities are exploited within 24 hours of public knowledge. For context, organisations typically need 24-48 hours just to assess whether a vulnerability affects their infrastructure.

Key Developments

Google’s Threat Intelligence Group has identified threat actors using AI to develop zero-day exploits—a first-ever observation that signals a fundamental shift in attacker capability. Rather than waiting for disclosure, adversaries are now using AI to reverse-engineer vulnerabilities and generate functional exploit code at machine speed.

Microsoft’s discovery of two critical vulnerabilities in Semantic Kernel (CVE-2026-25592 and CVE-2026-26030) exemplifies the new risk landscape. A single malicious prompt could escalate from injection attack to host-level remote code execution—allowing an attacker to launch arbitrary commands on a device running the AI agent. The attack surface has expanded beyond traditional software vulnerabilities into prompt-based attacks that traditional security tooling cannot detect.

Why This Matters for European Enterprise

For Irish and EU organisations, this represents a compounding crisis. Supply chain attacks have already moved upstream: the Vercel breach via Context AI showed how inherited trust paths—a single employee granting OAuth permissions to a third-party AI tool—can become attack corridors. TeamPCP’s compromise of GitHub repositories and associated GitHub Actions (including Trivy, Checkmarx, and LiteLLM) demonstrates that even security-focused tools are now attack vectors.

The EU’s regulatory environment—including the AI Act’s transparency requirements and the upcoming Article 50 guidelines—assumes organisations can conduct due diligence and remediation within reasonable timeframes. That assumption is now broken.

Practical Implications for Builders and Users

The 10-hour exploit window demands a fundamental shift in defensive strategy:

  • Zero-trust patching: Rather than waiting for comprehensive testing, organisations must adopt rapid patching for critical CVEs, with rollback capabilities pre-positioned.
  • AI infrastructure hardening: Intruder’s findings revealed that AI infrastructure is more vulnerable and misconfigured than any other software category. Immediate audit and remediation of AI systems—particularly those with external integrations—is non-negotiable.
  • Prompt injection detection: Traditional WAF and IDS tooling cannot detect malicious prompts. New monitoring and sandboxing approaches for AI systems are essential.
  • Supply chain vetting: OAuth permissions granted to third-party AI tools must be subject to the same scrutiny as direct infrastructure access.

Open Questions

Several critical unknowns remain:

  1. Scale of AI-generated exploits: How many currently-active exploits have been generated with AI assistance? We know of one confirmed case—but detection rates are unclear.
  2. Semantic Kernel’s actual exposure: How many production deployments use vulnerable versions of Semantic Kernel?
  3. Regulatory response timeline: Will the EU AI Act’s transparency framework be updated to account for AI-accelerated attack timelines?

For European organisations, the message is clear: the 10-hour exploit window requires immediate action on patch management, AI system hardening, and supply chain access controls. The question is no longer whether you’ll be targeted—it’s whether you can respond fast enough when you are.

Source: Mandiant M-Trends 2026 Report