← Back to all articles
cybersecurity msp

AI Is Finding Vulnerabilities Faster Than You Can Patch

Anthropic warns that AI models will surface vast numbers of hidden bugs within 24 months. A breakdown of their guidance and what it means for MSPs.

Updated 9 min read
A cracked digital shield under attack from AI-driven scanning beams in a dark server environment

Anthropic published a security guidance document on April 10, 2026 that should be required reading for anyone responsible for defending infrastructure. The core message: AI models are rapidly collapsing the time between a vulnerability existing and it being discovered and exploited. Within 24 months, the company expects “vast numbers of bugs that sat unnoticed in code, possibly for years” to be found by AI models and chained into working exploits.

This is not speculative. Anthropic references publicly available, sub-frontier models that have already found serious vulnerabilities in production software (including Mozilla Firefox) that traditional human reviews missed. Their frontier model, Claude Mythos Preview, goes further, demonstrating strong capabilities in automated vulnerability discovery as part of their Project Glasswing cybersecurity initiative.

The article is dense with practical recommendations organized around seven focus areas. This post pulls out what matters most for MSPs and the SMB environments they protect.

The patch window is collapsing

The most immediately actionable section of Anthropic’s guidance concerns patching. Their argument is straightforward: the window between a patch being published and an exploit becoming available is shrinking. When AI can generate working exploits from patch diffs in hours rather than weeks, a “monthly patch cycle” becomes a liability.

Their specific recommendations:

For MSPs running client environments, this is not new advice, but the urgency behind it has changed. The assumption used to be that you had days to weeks between disclosure and active exploitation. That assumption is becoming dangerous.

Vulnerability volume is about to increase dramatically

Beyond patching speed, Anthropic warns about an order-of-magnitude increase in vulnerability finding volume over the next two years. This hits MSPs in two ways: more vulnerabilities in client environments that need triage and remediation, and more vulnerability reports flowing into every software vendor you depend on.

Their practical recommendations for handling the volume:

  • Move beyond spreadsheets to automated intake, triage, and tracking systems
  • Use OpenSSF Scorecard to evaluate the security posture of open-source dependencies
  • Deploy AI to deduplicate findings, estimate exposure, and draft remediation tickets
  • Identify and eliminate redundant dependencies to reduce attack surface
  • Consider reimplementing small, poorly maintained dependencies rather than continuing to trust them

The dependency management point is worth emphasizing. Every library in your stack is an attack surface. The LiteLLM supply chain attack and axios npm incident both demonstrated what happens when widely used packages are compromised. As AI makes it easier to find bugs in those packages, the frequency of these events will increase.

Shift left: find bugs before they reach production

Anthropic makes a blunt claim in their guidance: “You should assume that bugs that reach production will eventually be found.” In a world where AI models can scan entire codebases systematically, security through obscurity is dead.

Their recommendations center on integrating security into the development pipeline:

  • Add static analysis and AI code review to CI/CD, blocking merges on high-confidence findings
  • Adopt the SLSA framework for build pipeline security
  • Follow CISA’s Secure by Design practices: MFA by default, no default passwords, transparent disclosure
  • Prefer memory-safe languages (Rust, Go, managed runtimes) for new projects
  • Implement AI vulnerability scanning in existing codebases, prioritizing internet-facing services and legacy code

They flag AI vulnerability scanning as the single highest-priority action item in this area. The reasoning: production code “has been reviewed by humans many times, but has never been examined by a frontier model,” and such analysis “tends to surface new, previously-overlooked issues.”

For MSPs who also develop internal tooling or manage client codebases, this is a direct call to action. For those who don’t write code but manage infrastructure, the takeaway is about vendor expectations: start asking your software vendors whether they’re scanning their codebases with AI tools, and factor the answer into your risk assessments.

Design for breach, not just prevention

This section of Anthropic’s guidance challenges a common defensive assumption. They argue that “mitigations whose value comes from friction rather than hard barriers are much less effective against an adversary that can grind through tedious steps.” When AI can automate the grunt work of lateral movement and privilege escalation, security controls that rely on complexity as a deterrent lose their value.

Their recommended architecture:

  • Zero Trust: adopt the CISA Zero Trust Maturity Model or NCSC Zero Trust Principles. Tie access to verified hardware, not just credentials
  • Phishing-resistant 2FA: mandate FIDO2 or passkeys for production and sensitive tools. SMS and TOTP are no longer sufficient
  • Service isolation: enforce service-to-service authentication via cryptographic identity, not just network segmentation
  • Short-lived credentials: replace long-lived secrets with narrowly scoped, time-limited tokens
  • Identity-aware access proxies: enable device-verified MFA without requiring a full architectural overhaul

For MSPs, the Zero Trust and phishing-resistant MFA recommendations are the most immediately deployable. If you’re still relying on SMS-based MFA for admin access to client tenants, or using long-lived API keys for integrations, the risk profile of those choices is increasing as AI lowers the cost of credential attacks.

Inventory your attack surface and shrink it

A deceptively simple point from the guidance: you cannot defend systems you don’t know about. Anthropic recommends:

  • Maintain a current inventory of all internet-facing hosts, services, and APIs
  • Decommission unused and legacy systems aggressively
  • Implement default-deny ingress at the network level
  • Query public scan indexes (like Shodan) against your own IP ranges to see what attackers see
  • Use cloud-native inventory tools (AWS Config, Azure Resource Graph, GCP Asset Inventory) to maintain real-time visibility

They also suggest deploying autonomous external red-teaming agents to discover forgotten hosts and misconfigurations. This is forward-looking, but the underlying principle is timeless: if it’s on the internet and you forgot about it, someone will find it. AI just accelerates the “someone will find it” part.

For MSPs managing dozens of client environments, asset inventory drift is a constant problem. Old test servers, forgotten subdomains, legacy VPN endpoints: these are exactly the targets AI-assisted scanning will surface first.

Speed up incident response

The final major section addresses detection and response. Anthropic’s framing: “Exploits can appear within hours of a patch. Response processes that take days are too slow.”

Key recommendations:

  • Deploy AI triage agents with read-only SIEM access for first-pass alert investigation
  • Prioritize dwell time and detection coverage as primary metrics
  • Map detection coverage against the MITRE ATT&CK framework
  • Automate evidence collection, note-taking, and postmortem drafting
  • Run tabletop exercises simulating five simultaneous incidents, not just one
  • Establish pre-approved emergency change procedures for rapid patching and containment
  • Use Atomic Red Team (open-source, ATT&CK-mapped test library) to validate detection coverage

The five-simultaneous-incidents tabletop is a good stress test. Most response plans assume a single major incident with the full team’s attention. AI-accelerated offense could create scenarios where multiple clients or systems are compromised in rapid succession. If your response plan breaks under that load, you’ll find out at the worst possible time.

What MSPs should do this quarter

Translating Anthropic’s guidance into a prioritized action list for MSP teams:

Week 1: Patch governance

  • Audit your current patch SLA for internet-facing systems. If it’s longer than 72 hours, compress it
  • Subscribe to the CISA KEV catalog feed and treat every new entry as a priority-one ticket
  • Evaluate EPSS integration for your vulnerability management workflow
  • Identify any client environments still on monthly patch cycles and escalate

Week 2: Access controls and Zero Trust

  • Audit admin access to all client tenants for phishing-resistant MFA (FIDO2/passkeys)
  • Inventory long-lived API keys and service account credentials across client environments
  • Evaluate identity-aware access proxy solutions for internal service protection
  • Review OAuth consent policies in Microsoft 365 and Google Workspace tenants

Week 3: Attack surface reduction

  • Run external scans against all managed IP ranges and compare results to your asset inventory
  • Identify and decommission unused services, forgotten subdomains, and legacy endpoints
  • Verify default-deny ingress rules are in place across client firewalls
  • Review open-source dependency posture for any internally maintained tooling

Week 4: Detection and response readiness

  • Map current detection capabilities against MITRE ATT&CK and identify the largest gaps
  • Run a tabletop exercise with a multi-incident scenario (at least three concurrent incidents)
  • Document pre-approved emergency change procedures for rapid patching
  • Test backup restoration procedures and validate recovery time objectives

Key takeaways

  • The exploitation timeline is compressing. AI models can generate exploits from patch diffs in hours. Monthly patch cycles for internet-facing systems are no longer defensible. Target 24 hours for critical exposures.
  • Vulnerability volume will surge. Expect an order-of-magnitude increase in discovered vulnerabilities over the next two years. Automated triage and prioritization tools (KEV, EPSS) are no longer optional.
  • Friction is not security. Controls that depend on complexity to slow attackers down lose effectiveness when AI automates the tedious parts. Invest in hard barriers: Zero Trust, phishing-resistant MFA, cryptographic service identity.
  • Know your attack surface. Every untracked internet-facing system is a target that AI-assisted scanning will find faster than a human would. Inventory aggressively and decommission what you don’t need.
  • Response speed is the new differentiator. When exploits arrive in hours, response processes measured in days are too slow. Pre-approve emergency change procedures and stress-test your response plan with multi-incident tabletops.

What’s next

For more on the evolving threat landscape and defensive strategies:

Huntress 2026 Cyber Threat Report: Key Findings for MSPs

Analysis of the Huntress 2026 Cyber Threat Report covering identity compromise, RMM abuse, ClickFix loaders, ransomware timelines, and a 30-day action plan.

LiteLLM Supply Chain Attack: What MSPs Need to Know

Analysis of the TeamPCP supply chain attack on LiteLLM via compromised Trivy GitHub Actions, covering the 3-layer payload, IOCs, and defensive actions for MSPs.

Axios npm Supply Chain Attack: What You Need to Know

Analysis of the axios npm supply chain attack that dropped a cross-platform RAT via maintainer account compromise, with IOCs and defensive steps.

← Back to all articles
Search articles
esc to close