AI Is Dramatically Shrinking Window For Responding To Vulnerabilities: Cynet’s MacKenzie Brown

The 32-day window traditionally followed by vulnerability management programs is ‘down to five days’ as a result of attackers utilizing AI tools, Brown said Tuesday.

Vulnerability management activities will need to shift into a higher gear in response to the growing usage of AI tools for discovery of software flaws and creation of exploits, according to Cynet threat expert MacKenzie Brown.

During a session Tuesday at XChange March 2026, an event hosted by CRN parent The Channel Company this week in Orlando, Fla., Brown said the time to react to the disclosure of vulnerabilities has shrunk dramatically as a result of LLMs.

Traditionally, the time from vulnerability disclosure to the time when there is a proof-of-concept exploit available for the flaw and the vulnerability is exploited in the wild has been about 32 days, she said.

However, while workers enjoy a massive productivity boost from AI, “so do threat actors,” said Brown, vice president of threat intelligence strategy at cybersecurity platform vendor Cynet.

Attackers are well-known for using AI to build infrastructure and carry out massive phishing campaigns, she noted.

But now, “when it comes to vulnerability and exploitation, they’re able to look for exploits and/or create exploits at a much faster rate—reverse engineer at a faster rate,” Brown said. “Therefore this 32-day window is down to five days.”

In response, when organizations think about the change management policies and vulnerability management programs they have built, this window is likely too short, she said.

“We don’t have enough time to put our entire playbook into action in order to make that five-day window,” Brown said. “Especially if it’s an asset where you're like, ‘No, no, no, we can’t upgrade this,’ or, ‘We can’t patch this’—not an option.”

Without a doubt, Brown is delivering an urgent and eye-opening message about how the game has changed when it comes to defenders seeking to keep attackers at bay, according to one MSP executive who attended the talk.

“I think that shows you how quickly you have to move to protect yourself,” said Jae Han, president of Gaithersburg, Md.-based OmniNET Plus.

This is a major concern because, for instance, “if you miss the announcement that something is exploited—you’re pretty much at a disadvantage already,” Han said. “Because by the time you find out, it may be too late.”

Brown’s recommendation to organizations is to work toward gaining a good understanding of their own systems and which are the top priorities for patching in the event of a major vulnerability disclosure.

“You have to have things in place in order to be effective,” she said. “Ideally, you have a really strong zero-trust architecture—a modern transformation to your network and environment—[and] understand asset visibility.”

Still, “in many cases, people don’t have that,” Brown said.