As AI can find vulnerabilities and write real attack code within hours, concerns are growing about a so-called “patch gap”, where corporate security teams have less and less time to fix flaws.

Google’s M-Trends 2026 report shows cases are already emerging in which attacks take place before patches are deployed.

A vulnerability in Langflow, an open-source development tool for visually building AI agents and workflows, was used in real attacks 20 hours after disclosure. A Marimo vulnerability was used in 9 hours and 41 minutes.

Research also found that Anthropic Mythos preview can turn newly disclosed software vulnerabilities into working exploits in hours rather than weeks.

Axios reported on June 8 that Anthropic’s Frontier Red Team tested Mythos on Mozilla Firefox and Microsoft Windows kernel vulnerabilities disclosed in January and February this year.

For a Windows kernel vulnerability, Mythos generated its first proof-of-concept exploit in 31 minutes. It could trigger a Blue Screen of Death in 18 of 21 kernel bugs tested, and it produced different exploits for 8 of them. The longest exploit generation time was about 5.7 hours. In Firefox, Mythos also succeeded in creating 8 code execution exploits against 18 security patches.

Anthropic said generating an exploit that raises privileges for Windows access cost about $15,700 in API fees, or about $2,000 per exploit.

The study is drawing attention because it shows that AI models such as Mythos can go beyond quickly detecting new bugs to rapidly weaponising already known vulnerabilities. That means the likelihood of attacks occurring before companies prepare patches is increasing.

Most cyberattacks target known vulnerabilities that companies have not yet patched. Axios reported that some open-source models, besides Mythos, are already finding bugs at a level similar to Mythos and OpenAI GPT-5.5-Cyber.

VentureBeat reported that experts say the conventional approach of prioritising by CVSS, a vulnerability severity score, cannot keep up with such changes. They propose using a three-stage filter combining the CISA Known Exploited Vulnerabilities (KEV) list, the Exploit Prediction Scoring System (EPSS) and CVSS.

VentureBeat reported that verification of 28,377 vulnerabilities showed that using the three-stage filter reduced urgent patch targets by 95 percent while still not missing 85.6 percent of vulnerabilities exploited in real attacks.

Concerns are also rising over AI agent permissions. A report by the Cloud Security Alliance, a nonprofit that publishes cloud security research and standards, and startup Zenity said 53 percent of companies experienced cases where AI agents were used beyond intended permissions, and 47 percent suffered agent-related security incidents.

VentureBeat reported that Docker CVE-2026-34040 is a vulnerability that disables all authentication checks when a request of more than 1 MB is sent. It said a demonstration confirmed that an AI agent can discover and exploit such a weakness on its own.

The report warned that if AI development tools such as Langflow, Flowise and n8n are compromised, connected model API keys, database credentials and business system access tokens could all be stolen at once.