Modelwire
AI turns patches into working exploits in 30 minutes, and the 90-day disclosure window is the casualty

Language models are collapsing the timeline for weaponizing security patches. Researchers now demonstrate that AI can reverse-engineer disclosed vulnerabilities into functional exploits within 30 minutes, fundamentally undermining the 90-day coordinated disclosure window that has anchored responsible vulnerability management for decades. This capability shift forces a reckoning across the security and AI communities: either disclosure timelines contract sharply, patch deployment accelerates dramatically, or the entire vulnerability market becomes asymmetrically dangerous. The implication extends beyond individual vendors to systemic infrastructure risk.

Modelwire context

Analyst take

The 90-day window isn't just a convention; it's the contractual and reputational backbone of bug bounty programs, cyber insurance underwriting, and enterprise patch SLAs. Collapsing that window doesn't just pressure defenders; it potentially invalidates the actuarial models that make the entire vulnerability economy function.

This is largely disconnected from recent Modelwire coverage. The closest adjacent thread is the 404 Media piece on AI-generated content homogenization, which captures a different kind of AI externality: cultural and cognitive friction rather than security risk. The two stories don't share a causal chain, but together they illustrate a pattern worth naming. AI capabilities are producing second-order harms in domains that weren't designed with LLM-speed actors in mind, whether that's editorial quality norms or coordinated disclosure timelines. The security story belongs in a cluster alongside AI capability research and critical infrastructure risk, neither of which Modelwire has covered recently in depth.

Watch whether major bug bounty platforms like HackerOne or Bugcrowd revise their disclosure timeline policies within the next two quarters. A formal policy change there would confirm that the operational security community has accepted this capability shift as durable rather than theoretical.

This analysis is generated by Modelwire’s editorial layer from our archive and the summary above. It is not a substitute for the original reporting.

Mentions: The Decoder

Modelwire Editorial

This synthesis and analysis was prepared by the Modelwire editorial team. We use advanced language models to read, ground, and connect the day’s most significant AI developments, providing original strategic context that helps practitioners and leaders stay ahead of the frontier.

Modelwire summarizes, we don’t republish. The full content lives on the-decoder.com.