Definition
The dramatic compression of the time window between when a vulnerability is disclosed and when it is actively exploited in the wild—driven by AI-powered automated exploit generation. Where organizations once had 300+ days to patch, AI-assisted tools can develop working exploits in hours.
Why it matters
The traditional patching playbook (test for 30 days, stage for 14 days, deploy over weeks) is now obsolete. Organizations with 175,000+ unpatched systems face active exploitation before patching decisions are even made. CISA has reduced mandated patch timelines to 3 days for critical flaws as a result.