US weighs slashing vulnerability patching deadlines as AI-driven threats accelerate

There are discussions in US cybersecurity circles to radically shorten the time given to government agencies to fix software vulnerabilities currently being exploited, especially amid concerns about the growing use of artificial intelligence-based attacks. 

According to a report by Reuters, there are talks of reducing the time frame from the current two or three weeks down to just three days, dramatically raising the pace of defensive operations across government systems.

These conversations, initiated by CISA and the Office of the National Cyber Director, have been spurred by an increasing sense of unease regarding more advanced AI models like Anthropic Mythos and GPT-5.4-Cyber.

These models are expected to significantly reduce the window during which any vulnerabilities can be detected and exploited, reducing attack times from weeks or days down to hours.

It is acknowledged, however, that such ambitious timelines will be challenging to meet. Patching vulnerabilities entails numerous steps in ...