In operational technology environments where patching timelines are long, the speed of AI-developed exploits poses a grave risk to critical infrastructure.
The most important detail in recent reporting on the VoidLink Linux malware framework is how fast it was built.
The AI-assisted Linux malware project ballooned to nearly 90,000 lines of code in a matter of days. That should stop every security leader, infrastructure operator and policymaker in their tracks. Not because malware is new, but because the economics and timelines of exploit development have changed.
AI is now producing exploits faster than we can patch them.
The implications are particularly acute for systems that cannot be updated quickly or regularly. Many operational technology environments, for example, are designed for long lifecycles and infrequent updates. They were never built to absorb rapid patch cycles. When artificial intelligence can help create exploit paths in days, and patch cycles take months, we are left with a structural imbalance in risk.
See how leaders are modernizing cloud with confidence in a new ebook, sponsored by Pega and AWS.
That should deeply concern anyone responsible for systems that cannot be patched overnight, or at all.
In traditional IT environments, faster exploit development is dangerous enough. In OT, embedded systems and critical infrastructure, it’s something far more serious.
Industrial systems are not designed for rapid patching. Patch cycles are measured in months, not days. Downtime is unacceptable. Validation is slow. In some cases, vendors are gone, hardware is frozen or updates simply don’t exist because the software has reached end-of-life.
Now contrast that reality with AI-accelerated exploit development. When new exploit paths can be generated in days — and defenders need quarters to respond — we are dealing with a widening, structural gap.
No amount of vulnerability scanning or patch prioritization closes that gap.
Vulnerabilities cannot be eradicated entirely, especially in long-lived embedded systems and industrial control environments. When exploit creation becomes cheap and automated, attackers will iterate faster than defenders can react.
A successful exploit can be adapted and scaled over time. Once an exploit works reliably, it can be repurposed across different devices, products, components and contexts. AI accelerates not just the discovery of vulnerabilities, but the refinement and reuse of exploit techniques.
Sign up for our daily newsletter so you never miss a beat on all things federal
Defenders need to break that cycle. How do we prevent exploits when patching can’t keep up?
Rather than relying on patching, organizations will need to move toward architectural controls that reduce the reliability of exploits, limit reuse and constrain post-exploitation impact.
To protect critical infrastructure, we need to design defenses that complement patching and achieve an asymmetric shift in resilience.
That means assuming compromise is possible and focusing on:
Assuming that some vulnerabilities will be found and exploited, we have to restrict what attackers can do once they achieve a foothold. That means robust segmentation, least privilege architectures, controls that isolate critical functions, and runtime exploit prevention to defend software. If we wait for perfect patch coverage, we will always be behind.
AI has permanently altered the offense-defense balance in cybersecurity. The speed advantage favors attackers, but defenders can shift their strategy to defend systems that were built for a different era.
The organizations that adapt will be the ones that accept this reality early and redesign their defenses accordingly. The ones that don’t will continue chasing patches while attackers move on to the next automatically generated exploit.
AI is producing exploits faster than we can patch. If we are serious about protecting the systems that modern society depends on, that statement must guide our strategy, our investments and our urgency.
Joe Saunders is founder and CEO of RunSafe Security and chairman of Ask Sage.
Read more: Commentary
Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Leave a Reply