NCSC warns AI accelerates vulnerability discovery, prompting urgent patch wave

The UK's National Cyber Security Centre (NCSC) has issued a warning that artificial intelligence is significantly speeding up the discovery of software vulnerabilities, increasing the risk of widespread exploitation and necessitating a rapid response from organizations. The agency anticipates a substantial increase in the number of urgent software updates required to address these newly exposed flaws, according to a recent report by Security Affairs.

The NCSC highlights that skilled attackers leveraging AI can identify software weaknesses at an unprecedented pace. This acceleration is expected to trigger a "patch wave," forcing governments and companies to deploy security updates rapidly to mitigate risks. The agency advises organizations to proactively reduce their internet-facing attack surfaces by securing perimeter technologies first, followed by cloud and on-premise systems. For systems that cannot be fully patched, priority should be given to external-facing and critical infrastructure. The NCSC also emphasizes that patching alone is insufficient, particularly for legacy or end-of-life systems that no longer receive updates, recommending their replacement or restoration of vendor support.

To manage the increased vulnerability disclosure, organizations are encouraged to enable automatic updates and hot patching where possible, and to use risk-based prioritization for manual updates. Beyond patching, the NCSC suggests vendors adopt safer design principles like memory safety and containment technologies, while organizations should strengthen basic cyber hygiene and consider advanced measures like privileged access workstations and enhanced threat detection for higher-risk environments.

Source: Security Affairs