""In my past life, it would take us 360 days to develop an amazing zero day," Zafran Security CEO Sanaz Yashar said. "Now, the volume and speed is changing so much that for the first time ever, we have a negative time-to-exploit, meaning it takes less than a day to see vulnerabilities being exploited, being weaponized before they were patched," Yashar told The Register. "That is not something you used to see.""
""She's citing Mandiant's recent analysis that found the average time-to-exploit (TTE) in 2024 hit -1. This is how Google and Mandiant define the average number of days it takes attackers to exploit a bug before or after the vendor issues a patch, and this is the first time ever the security analysts have seen a negative TTE. Crims are getting to exploit bugs a day before they're patched now.""
Sanaz Yashar spent 15 years in Israel Defense Forces Unit 8200 and calls herself a "hacking architect." AI-driven tools have accelerated attackers' ability to discover and weaponize vulnerabilities, producing a negative time-to-exploit (TTE) in 2024 where exploits occur on average one day before patches. Mandiant analysis shows TTE hit -1 and LLMs and AI aided weaponization in 78% of cases. Zafran, co-founded by Yashar in 2022, uses AI to map and manage cyber-threat exposure; Yashar previously led threat intelligence roles at Cybereason and Mandiant. The rapidness of AI-enabled operations increases defenders' risk and reduces time available for patching.
#ai-assisted-attacks #negative-time-to-exploit #vulnerability-weaponization #cyber-threat-intelligence
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]