In late December 2025, a single attacker began a month-long campaign against Mexican federal and state government systems. According to researchers at Gambit Security, who first disclosed the campaign, by the time it was disrupted, the operation had touched at least nine government agencies and a major financial institution, exfiltrating about 150GB of data including tax records, civil registry files, voter data, and government employee credentials. The researchers estimated around 195 million identities were exposed.
Several of the named agencies have publicly disputed the findings, but what's not up for dispute is the mechanics: the attacker exploited at least 20 known, unpatched CVEs over the course of the campaign. None of them were novel. What was novel was the operator. The attacker used Claude Code, and later GPT-4.1 when Claude refused, to identify vulnerabilities, generate exploits, and produce ready-to-execute plans against specific internal targets, at a pace no human red team could match. They didn't need a zero-day. They needed twenty unpatched CVEs and a model that would do the work. The patch window for those twenty CVEs was open. The attacker just moved faster than the defenders' patch cycle could close it.
This is the curve our response has to fit inside.

Picking up where I left off
A few months ago I wrote about Anthropic's Mythos and Project Glasswing, and argued that the most important thing CISOs could do was figure out how to be part of the shift the moment created. Mythos demonstrated a new class of capability: AI systems that can reason about code at the depth required to surface vulnerabilities that have evaded human reviewers and existing tooling for years. The point wasn't any one finding; it was that defenders had a head start on adversary capability — one that's already closing faster than the original estimates suggested.
A few folks have asked what we're actually doing with it. It’s a fair question and one I'll answer with specifics rather than theory.
A curve we've been watching for years
For most of us in security, the shrinking exploit window isn't new, and our response to it isn't either. We've been restructuring around this curve for years. What's changed recently is the slope.
In 2018, the average time from vulnerability disclosure to active exploitation was roughly a month. By 2022, about five days. Mandiant's M-Trends 2026 report places us somewhere different entirely: time-to-exploit has effectively gone negative, with a meaningful share of CVEs exploited within 24 hours of disclosure and a growing tail exploited before public disclosure.
Volume is going the other direction. The CVE program published 48,185 new vulnerabilities in 2025, a 20.6% jump on top of 2024's record 38% increase. Submissions are up 263% over five years, and Q1 2026 came in roughly a third higher than Q1 2025. Defenders are now expected to triage around 130 disclosures a day, against a response window measured in hours.
The institutional response is itself a tell. In April, NIST announced that NVD would stop enriching every CVE — only those meeting specific criteria around active exploitation or federal-government relevance would get analyst attention going forward. Roughly 10,000 vulnerabilities from 2025 still lack a CVSS score, and only about 32% of 2025 entries have been fully enriched. The single source of truth that vulnerability management programs were built around isn't one anymore.
The defenders’ traditional approach — read the advisory, plan the change, schedule the maintenance window, deploy the patch — doesn’t fit inside this curve and it never will again. So, we've been restructuring around three plays we can actually do at machine speed.
Play 1: Proactively compress exposure
If we can't out-patch the attacker, we change what's reachable.
The investment here is in continuously mapping the live paths from internet-facing assets to crown-jewel data, and aggressively closing the ones we don't need. When a CVE drops, we don't just file a remediation ticket; we ask whether the exposed path was necessary in the first place. A meaningful share of the time, the honest answer is no, and the fastest fix is to remove the reachability rather than wait for the patch.
This is also where short-term virtual patching earns its keep. When a CVE in an internet-facing dependency lands and the vendor patch is two days out, we want a shield in place within the hour. The shield isn't the fix, but it buys the remediation pipeline enough time to do its job.
The volume problem makes this play even more important. When you can't deeply analyze every CVE the day it drops, you have to be able to answer one question for each of them quickly: is this reachable in my environment? Programs that can answer that in minutes are operating in a different threat landscape than programs that can answer it in days or weeks.
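One way to answer "is this reachable in my environment?" at machine speed, as an added example that is not code from the original post: a reachability check over a constructed asset graph. Asset names, edges and the CVE-EXAMPLE ids are hypothetical placeholders that a real program would fill from the asset inventory and network policy; the last function also lists the single path cuts that would remove the exposure, the "remove the reachability" option described above.

```python
from collections import deque

# Constructed sample inventory (hypothetical asset and CVE names).
INTERNET_FACING = {"web-01", "vpn-gw"}
CROWN_JEWELS = {"db-tax"}
# Directed network edges: which asset can initiate a connection to which.
EDGES = {
    "web-01": {"app-01"},
    "vpn-gw": {"jump-01"},
    "app-01": {"db-tax"},
    "jump-01": {"app-01", "build-01"},
    "build-01": set(),
    "db-tax": set(),
}
# Assets running the package each (hypothetical) CVE affects.
AFFECTED = {
    "CVE-EXAMPLE-0001": {"app-01", "build-01"},
    "CVE-EXAMPLE-0002": {"build-01"},
}


def reachable_from(sources, edges=EDGES):
    """Breadth-first walk over the directed edges from the given sources."""
    seen, queue = set(sources), deque(sources)
    while queue:
        for nxt in edges.get(queue.popleft(), ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def triage(cve):
    """Return (exposed, hits_crown_jewels): affected assets reachable from the
    internet, and whether any of them can in turn reach crown-jewel data."""
    exposed = AFFECTED.get(cve, set()) & reachable_from(INTERNET_FACING)
    return exposed, bool(reachable_from(exposed) & CROWN_JEWELS)


def edges_to_cut(cve):
    """Single edges whose removal leaves no affected asset reachable from the
    internet: the 'remove the path' fixes to weigh against waiting for a patch."""
    affected = AFFECTED.get(cve, set())
    cuts = []
    for src, dsts in EDGES.items():
        for dst in dsts:
            trimmed = {k: (v - {dst} if k == src else v) for k, v in EDGES.items()}
            if not affected & reachable_from(INTERNET_FACING, trimmed):
                cuts.append((src, dst))
    return cuts
```

An empty `edges_to_cut` result means no single network change closes the exposure, which is the case where virtual patching has to carry the gap.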
Play 2: Remediate at machine speed
The traditional remediation model assumes patches are authored by humans, reviewed by humans, and scheduled by humans. That cadence does not fit inside a 24-hour exploit window, let alone a negative one. The goal is to make sure human review is the only slow step left, and that it is reviewing a candidate fix rather than authoring one.
This is the most direct operational application of the Mythos-class capability I wrote about a few months ago. The same depth of code understanding that finds a 27-year-old bug can author a candidate patch, run regressions, and present a reviewable change. That doesn't make remediation automatic (engineers still validate, operators still deploy, business owners still own risk), but it does mean that the human is the slow step in a fast pipeline rather than the author in a slow one.
It's also the play that’s most aligned with the head start I wrote about. Glasswing partners and others investing in AI-assisted code-level remediation are already shortening the disclosure-to-patch interval for the open-source dependencies most of us run. The defenders who plug into that work, rather than waiting for it to filter down through commercial vendor patches, are going to have a meaningful timing advantage.
Play 3: Detect post-exploit behavior
You can’t rely on CVE signatures when the attack chain is being authored in real time by a model that has never seen your environment before. You also cannot rely on them when 80% of the CVE population is not being enriched. Either path leads to the same conclusion: signature-based detection alone is no longer a strategy.
What you can rely on is the behavior an attacker has to produce regardless of how they got in — process lineage that doesn't match the workload, anomalous egress, lateral movement, identity use that doesn't match the human or service that owns the credential.
That means prioritizing alerts by reachability to crown-jewel data and by identity blast radius rather than by raw signature volume. And it means sizing containment, not just detection, for minutes rather than hours. We can no longer operate under the assumption that we have hours or days to mitigate; that clock doesn’t exist anymore.
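The behaviours listed above turned into detection logic over a few constructed telemetry lines, as an added example that is not code from the original post. Hosts, users, addresses and the score weights are hypothetical; nothing in it keys on a CVE, the ranking uses crown-jewel reachability and identity blast radius rather than signature volume, and the top tier is routed to automated containment rather than a queue.

```python
import json

# Constructed sample telemetry, one JSON event per line (hypothetical hosts
# and users; 203.0.113.0/24 is a documentation address range).
EVENTS = [json.loads(line) for line in """
{"host":"web-01","type":"process","parent":"nginx","child":"/bin/sh","user":"www-data"}
{"host":"web-01","type":"egress","user":"www-data","dst":"203.0.113.9","bytes":900000000}
{"host":"app-01","type":"auth","user":"svc-backup","src_host":"web-01","result":"success"}
{"host":"build-01","type":"process","parent":"bash","child":"make","user":"ci"}
""".strip().splitlines()]

# What each workload is expected to produce; anything else is a finding.
EXPECTED_CHILDREN = {"nginx": {"nginx"}, "bash": {"make", "gcc"}}
EXPECTED_AUTH_SOURCE = {"svc-backup": {"backup-01"}}
EGRESS_LIMIT = 100 * 1024 * 1024  # bytes in one event before it is anomalous
# Context used to rank findings, not to produce them.
REACHES_CROWN_JEWELS = {"web-01": False, "app-01": True, "build-01": False}
BLAST_RADIUS = {"www-data": 1, "svc-backup": 40, "ci": 5}  # hosts the identity can reach
AUTO_CONTAIN_AT = 90  # scores at or above this get minute-scale containment


def detect(ev):
    """Classify one event by attacker behaviour, independent of any CVE."""
    if ev["type"] == "process":
        if ev["child"] not in EXPECTED_CHILDREN.get(ev["parent"], set()):
            return "lineage"  # workload spawned something it never should
    elif ev["type"] == "egress" and ev["bytes"] > EGRESS_LIMIT:
        return "egress"
    elif ev["type"] == "auth":
        expected = EXPECTED_AUTH_SOURCE.get(ev["user"], {ev["src_host"]})
        if ev["src_host"] not in expected:
            return "identity"  # credential used from a host that does not own it
    return None


def score(ev, finding):
    """Rank by crown-jewel reachability and identity blast radius."""
    base = {"lineage": 50, "egress": 40, "identity": 60}[finding]
    if REACHES_CROWN_JEWELS.get(ev["host"]):
        base += 30
    return base + min(BLAST_RADIUS.get(ev["user"], 0), 20)


def triage(events):
    """Return (score, finding, host, user, action), highest priority first."""
    alerts = []
    for ev in events:
        finding = detect(ev)
        if finding:
            s = score(ev, finding)
            action = "auto-contain" if s >= AUTO_CONTAIN_AT else "analyst-review"
            alerts.append((s, finding, ev["host"], ev["user"], action))
    return sorted(alerts, reverse=True)
```

The lateral move (a backup service credential used from the web tier into a host that can reach crown-jewel data) outranks the noisier web-server findings, which is the ordering the text argues for.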