

The UK National Cyber Security Centre (NCSC) has warned of a new ‘patch tsunami’ as AI tools detect long-hidden software flaws buried in decades-old code.
According to reports, these flaws are now surfacing at unprecedented speed because AI can scan vast codebases in hours. Tasks that once took years now take days. This shift is exposing deep-rooted vulnerabilities across industries, from finance to critical infrastructure.
So, what went wrong, and what’s the actual threat? Attackers today use AI to discover system weaknesses. Security flaws can now be found within minutes, which allows attackers to launch attacks within a few hours of detection. The number of zero-day vulnerabilities has increased.
Experts suggest that patching delays create immediate security risks that leave organizations vulnerable to attacks. The NCSC anticipates a significant increase in vulnerability disclosure reports. IT teams must handle an overwhelming number of patches because each discovery needs immediate resolution.
According to reports, on April 7, Anthropic unveiled Claude Mythos Preview alongside Project Glasswing, a restricted initiative granting access to roughly 40 organizations, including Apple, Amazon, Microsoft, Google, CrowdStrike, Nvidia, JPMorgan Chase, and the Linux Foundation, for defensive security work only. Anthropic deemed the model too dangerous for public release after it identified thousands of high-severity zero-day vulnerabilities across all major operating systems and web browsers during testing.
The ‘patch tsunami’ creates a temporary surge in activity that extends beyond its immediate impact. The vulnerabilities existed from the beginning. AI technology enables us to identify existing vulnerabilities faster than before.
The NCSC recommends that companies adopt continuous patching instead of their current practice of regular software updates. Fixing software will require automated systems to manage both the large number of problems and the rapid pace at which fixes need to be delivered. Companies should treat their internet-facing systems as their top priority for security improvements.