
How LLMs Are Ending The Attacker-Defender Stalemate (And What to Do About It)

Published on April 28, 2026
Author Sam Holmes & James Callaghan

Frontier Large Language Models (LLMs) are reshaping how software is built, attacked, and secured. Their impact is most visible in code generation and vulnerability discovery, where they reduce the time and expertise required to produce outputs that previously demanded specialist knowledge. As organisations rush to adopt AI tools into development and operations, a practical question arises: in a world where AI can autonomously write exploits and generate patches, what is the role of human-driven security?

The Compression of Vulnerability Exploitation Timelines

For decades, cybersecurity has been a cat-and-mouse stalemate. Attackers develop a new technique; defenders build a new control. This balance of power has continually shifted in favour of the attackers, as the average time between vulnerability disclosure and exploitation in the wild, or Time-to-Exploit (TTE), has plummeted.

The data highlights the reality of the current situation:

  • Mandiant’s M-Trends 2026 Report: TTE has turned negative. Based on analysis of 500,000+ hours of incident response data, exploitation now typically begins before a patch becomes widely available.

  • Zero Day Clock Project: Weaponisation speed has jumped: 67.2% of exploited CVEs in 2026 were weaponised before or on the day of public disclosure, up from 16.1% in 2018.

  • VulnCheck State of Exploitation 2025 Report: Uses a more conservative methodology, yet still tracks a near doubling in the percentage of vulnerabilities with a TTE of less than one day since 2024, now accounting for roughly 29% of vulnerabilities.

The wider trend of decreasing TTE predates widespread LLM use and likely reflects broader improvements in attacker knowledge, tooling and automation. However, LLMs are well-positioned to accelerate it further. Generating a working exploit from patch analysis is now something capable models can assist with in minutes. The defender’s side of this process, which involves testing, validating, and deploying patches across production systems, continues to operate on significantly longer timelines.

Recent research by Sean Heelan illustrates this shift in practice: AI agents powered by frontier models (Opus 4.5 and GPT-5.2) generated over 40 distinct exploits for a zero-day vulnerability in the QuickJS JavaScript interpreter across six scenarios, most taking under an hour to solve at roughly $30 per run.

In one striking scenario, the AI bypassed a seccomp sandbox, hardware-enforced shadow stack and other controls by engineering a seven-call chain through glibc’s exit handler mechanism.

Heelan noted that QuickJS is significantly less complex than the JavaScript engines used by Chrome or Firefox, and that the exploits relied on known techniques rather than novel ones. His conclusion is nonetheless significant: the limiting factor for vulnerability discovery may be shifting from the availability of skilled researchers to token throughput.

Recent Events

At the [un]prompted 2026 security conference in March 2026, Nicholas Carlini, a Research Scientist at Anthropic, demonstrated that a simple bash script looping over every source file in a repository, querying a publicly available AI model for vulnerabilities and running a second pass to verify exploitability, can achieve a near 100% success rate with no domain expertise or sophisticated prompting required.

This story has been mostly obscured by the narrative surrounding Project Glasswing, the Claude Mythos Preview, and the claim that Mythos was too dangerous for general release because it identified critical vulnerabilities across every major operating system and browser. Early analysis from preview partners, including AWS and Mozilla, suggests a more measured picture. Mythos requires less hands-on guidance from security engineers and is a genuine productivity multiplier for human teams, though at a compute cost significant enough to place it out of reach for most organisations.

As Mozilla CTO Bobby Holley noted after the model found 271 vulnerabilities in Firefox, Mythos matches elite human researchers in capability - but has not yet exceeded them. Several independent researchers found that Mythos’s headline results involved known techniques, substantial human guidance in transcripts, and, in some cases, were reproduced using the publicly available Claude Opus 4.6 model.

The community response has been instructive. Open source reconstruction projects, such as OpenMythos, have proposed that Mythos is a Recurrent-Depth Transformer (a looped architecture that trades unique layers for repeated passes through a shared recurrent block), achieving deeper reasoning at inference time without proportional parameter growth. Whether or not that hypothesis is correct, the signal is clear: the research community considers Mythos-class capabilities within reach of well-resourced open efforts in the near term.

The practical upshot is not that Mythos is a “nothingburger”. It is that automated, scalable vulnerability research does not depend on any single frontier model and cannot be safely contained by withholding access to LLMs.

The important underlying question is not the capabilities of the latest specific model, but rather what these trends tell us about the direction and pace of LLM-assisted vulnerability discovery. That answer remains genuinely concerning, not because of any single model’s capabilities, but because of the structural asymmetry between how offence and defence scale.

Why The Asymmetrical Arms Race Favours The Offence

The imbalance between attacker and defender feedback loops is structural. It reflects the systemic asymmetry in the nature of the two goals, an asymmetry that AI amplifies but did not create, and that cannot be resolved through tooling improvements alone.

  • Offence is a search problem with a binary success condition, which means AI can autonomously iterate at scale - launching parallel exploits and discarding failures in real-time with minimal human dependencies.
  • Defence is a coordination and prioritisation problem with significant human dependencies, as triaging findings requires contextual judgment. Defenders need high confidence that every door is closed, as there are real costs - an unvalidated finding or a careless remediation can cause more damage than the vulnerability it was intended to address.

Remediation And Deterministic Assurance

Finding a potential vulnerability is not the same as understanding its real-world impact or performing effective remediation. Validating exploitability, aligning with an organisation’s existing controls and risk appetite, and remediating a single risk without introducing new risk are all distinct problems. Moreover, every unvalidated finding creates noise; if not triaged effectively, that noise consumes the same engineering time required for effective remediation.

Translating a technical finding into terms that enable leadership to make informed decisions about budget and priorities requires an understanding of organisational dynamics and audience-based adjustments. This depends on direct engagement with the teams running the systems, and accumulated knowledge of which risks actually get fixed versus which get deprioritised, and why.

Regulatory requirements are also increasing the pressure on organisations operating high-risk AI systems. The EU AI Act reaches full enforcement in August 2026, requiring documented human oversight for AI systems. For boards and leadership teams, this means they cannot point to automated controls as due diligence. Instead, they need to demonstrate informed engagement with how they work, where they can fail, and what residual risk remains.

For most organisations, building that level of sophisticated oversight internally from scratch is not realistic in the near term; this is where ControlPlane’s specialist AI Native engineers embed with clients to unlock secure, high-throughput AI workflows while integrating deeply with the organisation’s people and processes.

The Essential Human-In-The-Loop

The success of a security program has never been limited to discovering or remediating vulnerabilities. Success lies in communicating risk to stakeholders, prioritising findings in a business context, reducing the cost of triage, guiding effective remediation and providing independent deterministic assurance that controls are enforced and functioning as intended.

Despite continued advances in the speed of vulnerability discovery, the most critical vulnerabilities of the modern era, such as broken access controls - which OWASP has ranked as the most critical since 2021 - remain invisible to automated analysis. These risks persist precisely because their exploitation and remediation require a contextual understanding of business logic and intent that automated tools cannot replicate.

Crucially, the context needed to identify these flaws often lives in people, not in documentation, codebases, or public CVE databases.

The threat landscape is changing, and so are the tools required to defend it. However, the underlying challenge of helping organisations understand and manage risk in context remains unchanged.

Readying your organisation?

ControlPlane works to ready clients for this changing environment, enabling AI Native security and platform delivery.

We co-authored the AI Governance Framework for FINOS, and we help organisations stay ahead with AI and security tools, including threat models and maturity assessments, and transform their cloud native security posture.

Contact our team today to get started.
