Why Vendors Must Fight Back as Time-to-Exploit Shrinks

Sean Webb

Apple’s decision to push software updates faster makes perfect sense

POV by Sean Webb, Team Lead of Managed Services at Katalyst

headshot of author Sean webb and the title of the article about time-to-exploit

Sometimes a news item jumps out at me as I drink my first coffee of the day and I think: That’s exactly what I hoped would happen! Not that I’m prescient. But my day-to-day work makes me acutely aware of both IT technicalities and processes.

The news I’m referring to – from only yesterday as I write this – told us that Apple would now push forward software updates for security reasons, instead of waiting, as normal, for the next iOS upgrade.

The real story here is how AI is changing the threat landscape. Apple just illustrated it.

In case you’re less familiar with these ideas, let’s backtrack a moment and look at how attackers weaponize those software patches that – as consumers, at least – we often welcome with open arms and a sigh of relief.

When a vendor releases a patch publicly, attackers get to work immediately comparing the difference between the two versions and reverse engineering the bug that’s being patched. That’s so much easier today than it was – due to AI assistance.

And the knowledge they gain is gold dust to attackers. They use it immediately to attack unpatched systems.

We professional IT service providers have a small gap in which to act between the patch being issued and safely patching our clients’ software and hardware.

We call this gap “time to exploit” – the time attackers have to write an exploit script for a publicly disclosed vulnerability (commonly called “N-day”) and take advantage of the situation before we can apply a patch.

Why is Time-to Exploit a Problem in 2026?

The gap is shrinking every month. In fact, from what I read and observe, Time-to-Exploit has gone negative. In other words, we’re now seeing attackers exploit some vulnerabilities before vendors have even released the patch designed to fix them.

This is an industry measured truth. N-day exploit scripts now drive over 80% of known exploited vulnerabilities.

I believe this is exactly why Apple has accelerated its updates. And part of that decision-making process will be around the speed of AI development for both attackers and defenders.

The Apple brand is having to evolve to meet the security needs of the market exactly because AI is compressing the window that malicious actors need to exploit known flaws.

Any public notification of a patch is also a warning shot to IT professionals to apply the patch immediately. Later is likely too late these days.

We’ve certainly taken notice of it at Katalyst.

Remediation and upgrade velocity is now key for IT personnel and managed services providers.

Once a patch and remediation gets public exposure, the only safe route is to patch devices immediately to avoid them becoming victim to the reverse engineering outlined above.

But What Does Time-to-Exploit Mean for Businesses in the Mid-Market?

Two things are uppermost in my mind on this issue.

First, smaller IT teams may have limited time to track the market for vulnerability announcements. It’s likely they’ll soon need IT partners who constantly watch their systems and apply vendor patches immediately.

And second, finding lightning-fast solutions to vulnerabilities long-term is more than humans can achieve in today’s Time-to-Exploit window.

These two thoughts explain my title about vendors fighting back.

Vendors “fighting back” with AI is not some sci-fi trope any longer – this is a reality we see becoming more and more constant and absolutely necessary in the industry.

It’s my opinion that AI vs. AI is likely the only outcome – although we’re perhaps still a few years from this outcome.

If we accept what research tells us about cyber attacks, currently and statistically the battle is going asymmetrically in favor of those offensive, malicious actors who target exploits in codebases and use vendor disclosures or patched versions to do so.

So I believe it’s going to be inevitable that vendors will need to leverage the same AI capabilities, just to keep up.

This will lead to a natural “super-cycle” of AI patch > exploit > patch that will result in AI becoming the security layer overall, long-term.

There doesn’t appear to be an alternative.

Vendors and manufacturers are going to have to evolve to meet the security needs of the market – and that’s what we’re seeing Apple do here.

It remains to be seen how quickly other brands follow suit. If they don’t, I believe they may eventually not exist.

Continue the Conversation with Katalyst

At Katalyst, we’re continually reviewing how changes like these affect the way we help protect our clients. As the threat landscape evolves, so do the processes and technologies we use to stay ahead of it.

If you’d like to discuss any of these issues, schedule a call and ask for me.

Picture of Sean Webb

Sean Webb

Sean Webb is the Team Lead of Managed Services at Katalyst and brings a strong blend of technical engineering and process-focused expertise to client environments. His background includes SD-WAN design and deployment, firewall policy analysis, network troubleshooting, and enterprise network design, along with experience supporting platforms such as Cisco, Juniper, Fortinet, Palo Alto, and Meraki. Sean is passionate about building scalable solutions and improving day-to-day operations through clear documentation and proactive support.

Helping You Go Further, Faster, Safer

Learn about the services Katalyst offers to keep your organization and its data safe with a tailored cybersecurity solution.

Sign up for our newsletter to get insights sent directly to your inbox.

Related Content

Search Here