The Patch Window Is Collapsing: AI Exploit Timelines Are Now Hours

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
The patch window is the time a defender has between a vendor releasing a fix and an attacker turning that fix into a working exploit. Every major framework for vulnerability prioritization, including CVSS exploitability scores, EPSS predictions, and vendor exploitability ratings, is calibrated around this window. The window has now effectively closed for AI-equipped adversaries operating against patched vulnerabilities.
The historical data tells the story clearly. WannaCry: 59 days from patch to weaponized exploit. Citrix Bleed: 14 days. Log4Shell: 3 days. The trend was already compressing. Claude Mythos produced its first working Firefox SpiderMonkey exploit in 12 minutes. Windows kernel LPE: 8 complete chains to SYSTEM within 6 hours of beginning binary-only analysis. Microsoft Autopatch achieves approximately 90% device coverage in about 7 days. Mythos can produce working exploits before Autopatch finishes its rollout.
This post documents what the N-days research actually measured, what it means operationally for vulnerability management programs, and how to rebuild patch prioritization for a threat model where the patch window no longer provides meaningful buffer time.
The Historical Patch Window and Why It No Longer Exists
The 90-day coordinated disclosure standard, Microsoft Patch Tuesday, and 30-day remediation SLAs all share a common assumption: exploit development takes time. When Microsoft classifies a vulnerability, when CVSS assigns an exploitability score, when a CISO sets a remediation SLA, the underlying model assumes that the gap between patch release and weaponized exploit gives defenders meaningful response time.
That model was grounded in historical data. EternalBlue was patched in March 2017. WannaCry, the first major weaponized use, arrived in May 2017 -- 59 days later. Citrix Bleed was patched in October 2023 and weaponized exploits appeared approximately 14 days later. Log4Shell showed the window could compress further: working exploits appeared within approximately 3 days of public disclosure. The trend toward compression was visible before AI-powered exploit development became a factor.
Claude Mythos eliminates the remaining buffer. The Firefox SpiderMonkey N-days test used 18 patched vulnerabilities from Firefox 148 and 149. The first working PoC arrived in approximately 12 minutes. 14 of 18 PoCs were complete in approximately 3 hours. 8 full exploits requiring ACE were developed in the same session. Windows kernel LPE: first PoC in 31 minutes, all 18 crash reproductions within 6 hours. Microsoft Autopatch achieves approximately 90% device coverage in about 7 days. Mythos can produce working exploits from public patch information before Autopatch completes its rollout across enterprise device fleets. The time buffer that vulnerability management programs depend on no longer exists against an adversary using these tools.
What the N-Days Research Measured
The Firefox SpiderMonkey test provides a precise measurement of the timeline collapse. Anthropic researchers selected 18 patched vulnerabilities from Firefox versions 148 and 149. These were not cherry-picked easy targets: the set included vulnerabilities across the SpiderMonkey JIT compiler and memory management subsystems. Claude Mythos produced 14 of 18 PoCs in approximately 3 hours, with the first arriving in 12 minutes. 8 of those PoCs were full exploits requiring arbitrary code execution. For comparison, Opus 4.8 produced 2 PoCs for the same set.
The Windows kernel LPE test used stricter conditions. 21 LPE bugs from early 2026 Microsoft Patch Tuesday cycles. Binary-only analysis: no source code access, only compiled binaries, Ghidra for decompilation, and public vulnerability advisories. Mythos produced 18 crash reproductions, 8 complete LPE chains to SYSTEM, a first PoC in 31 minutes, and all 18 crashes within 6 hours. The total cost for the complete Windows set was approximately $15,700 in API fees. Opus 4.8 produced partial primitives only and zero full chains for the same vulnerability set.
The Microsoft Exploitation Unlikely reassessment is a critical finding for vulnerability prioritization programs. Of the bugs in the Windows kernel set rated Exploitation Unlikely by Microsoft, Mythos solved 13 of 14. That rating is based on analysis of what human exploit developers can achieve with traditional methods. It does not account for AI capability and should not be used as a deprioritization signal.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
The Operational Implication for Vulnerability Management
Three changes to vulnerability management programs are required. First, patch SLAs must shrink for critical and high-severity CVEs with network-accessible attack surfaces. The 30-day SLA for critical vulnerabilities was designed when exploit weaponization took weeks. A 30-day remediation target gives an AI-equipped adversary 30 days minus hours to exploit patched vulnerabilities. High and critical CVEs affecting network-accessible services now require 24 to 48 hour remediation targets where operationally feasible. Where 24-hour patching is not achievable, compensating controls must be deployed immediately, not staged as a follow-on action.
Second, compensating controls must be pre-deployed, not reactive. The traditional model treats compensating controls as a bridge between identification and patching. That model assumed the bridge would hold for days or weeks. Controls implemented in response to active exploitation are too late when exploit availability follows patch publication by hours. Network segmentation, egress filtering, and EDR behavioral detection must be standing configurations, not incident response artifacts.
Third, risk scoring must account for AI exploit capability. EPSS scores, CVSS exploitability ratings, and vendor exploitability classifications were all developed against a human threat actor model. Exploitation Unlikely was calibrated against human exploit developers. EPSS predictions use historical exploitation patterns from a pre-AI era. Neither is reliable for prioritizing against adversaries using tools with Mythos-class capability. Recalibrate exploitability estimates to treat network-accessible critical and high CVEs as exploitable by default, and treat Exploitation Unlikely ratings as signals worth independent validation rather than grounds for deprioritization.
Rebuilding Patch Prioritization for the AI Era
Four questions now drive patch prioritization, replacing the traditional CVSS score plus EPSS prediction model. First: is this a network-accessible service? Network exposure combined with critical or high severity requires patching within 24 hours regardless of EPSS score. The attack surface of a network-accessible service is reachable by any adversary with API access to Mythos-class models.
Second: is there a public PoC or detailed technical write-up available? In the pre-AI model, a public PoC indicated exploit risk within days. In the AI era, a public PoC combined with the patched binary is sufficient for Mythos to produce working exploits within hours. Treat public PoC availability as meaning near-immediate weaponization, not eventual risk.
Third: does the vendor rate this Exploitation Unlikely? Validate that claim independently. The N-days research demonstrated that 13 of 14 Microsoft-rated Exploitation Unlikely bugs were solved by Mythos. Exploitation Unlikely is no longer a reliable signal for deprioritization. If independent technical validation is not feasible, default to treating the vulnerability as exploitable.
Fourth: is this in a legacy subsystem with limited recent audit activity? The FreeBSD NFS client vulnerability that Mythos found through Project Glasswing had existed for 17 years in a rarely-audited code path. Age of code is no longer a proxy for safety. AI-powered analysis is as effective against old code as new code, and often more so, because old code paths accumulate subtle state management assumptions that predate modern security review practices. For a practitioner framework on adapting your vulnerability management program to AI exploit timelines, get the free Mythos Brief at /mythos-brief.
The bottom line
The assumptions underlying your patch SLAs, your compensating control timelines, your exploitability ratings, and your Patch Tuesday prioritization decisions were all calibrated against human exploit developers working with traditional methods. Claude Mythos changes those reference points: first Firefox PoC in 12 minutes, 8 Windows kernel LPE chains to SYSTEM in 6 hours, 13 of 14 Exploitation Unlikely bugs solved, $15,700 for the complete Windows LPE set. Rebuild your patch prioritization around three new rules: patch network-accessible critical and high CVEs within 24 hours, treat Exploitation Unlikely as a claim requiring independent validation, and pre-deploy compensating controls as standing configurations rather than reactive measures. For a no-cost practitioner guide to adapting your vulnerability management program to AI exploit timelines, get the free Mythos Brief at /mythos-brief.
This analysis is generic — the platform version scores threats like this against your own stack.
Frequently asked questions
What is a patch window in vulnerability management?
The patch window is the time between a vendor publishing a security patch and an attacker developing a functional exploit for that vulnerability. Traditional vulnerability management programs are designed around patch windows measured in weeks to months, with 30-day and 90-day remediation SLAs calibrated to those timelines. AI exploit development has effectively closed this window for a capable adversary.
How fast can AI develop an exploit after a CVE is published?
Based on Anthropic's published N-days research, Claude Mythos produced its first working Firefox SpiderMonkey exploit in approximately 12 minutes. For Windows kernel LPE vulnerabilities analyzed from binary-only information, the first PoC arrived in 31 minutes and all 18 crash reproductions were complete within 6 hours. These timelines assume the vulnerability information is available at the start of the session, which is the case for patched CVEs with public advisories.
Should I change my vulnerability SLA targets given AI exploit timelines?
Yes. 30-day SLAs for critical CVEs were designed around exploit development timelines measured in weeks. That assumption is no longer valid for a sophisticated adversary. High and critical CVEs with network-accessible attack surfaces should target 24 to 48 hour remediation where operationally possible. Where immediate patching is not feasible, compensating controls must be deployed before the patch lands, not as a reaction to confirmed exploitation.
What does Exploitation Unlikely mean now that AI can develop exploits quickly?
Microsoft's Exploitation Unlikely rating was calibrated against human exploit developers using traditional methods. In Anthropic's N-days research, Claude Mythos solved 13 of 14 bugs rated Exploitation Unlikely. The classification is not reliable as a deprioritization signal. Treat Exploitation Unlikely ratings with skepticism, validate the claim independently using technical analysis of the vulnerability's attack surface, and default to treating network-accessible critical and high CVEs as exploitable regardless of the rating.
How does Mythos compare to human exploit developers in speed?
For the CVE classes tested, Mythos operates roughly two orders of magnitude faster than a human specialist and at roughly two orders of magnitude lower cost. A Windows kernel LPE exploit that previously required weeks of specialist research and $50,000 or more in researcher time was reproduced by Mythos with 8 complete chains to SYSTEM in 6 hours at approximately $15,700 in API cost. The 5x improvement in autonomous exploit reliability over prior models reflects rapid capability progression.
What compensating controls should I deploy while waiting for a patch?
Prioritize network segmentation to limit the attack surface of vulnerable services to only required source addresses. Apply egress filtering to limit what a compromised host can reach. Ensure behavioral EDR detection is tuned to the attack patterns relevant to the vulnerability class rather than relying on signatures for exploits that do not yet exist in threat intelligence feeds. For kernel-level vulnerabilities, review privilege separation and audit logging on affected hosts. None of these replace patching; they reduce exposure during the patch window.
Sources & references
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
