The UK\u2019s National Cyber Security Centre issued an unusual warning about what\u2019s coming next. AI, the NCSC says, is now capable of unearthing decades of buried software flaws at a scale and speed that the industry\u2019s entire patching infrastructure was never built to handle.<\/p>\n
The result? A coming flood of critical updates<\/a> across every layer of the tech stack, all at once. They\u2019re calling it a \u201cpatch wave.\u201d Organizations that aren\u2019t ready will be caught flat-footed. That\u2019s the problem the NCSC is trying to get ahead of. As more AI tools gain this capability, the gap between \u201cflaw discovered\u201d and \u201cflaw exploited\u201d shrinks from weeks to hours. The NCSC\u2019s guidance is direct:<\/p>\n Prioritize anything internet-facing first, then work inward<\/p>\n Enable automatic updates wherever possible<\/p>\n Legacy systems that can\u2019t receive patches need to be replaced, not ignored<\/p>\n Assume incoming updates will be critical severity, not routine<\/p>\n The warning didn\u2019t come out of nowhere. In April, Anthropic unveiled Claude Mythos<\/a> Preview, a model so effective at finding software vulnerabilities that Anthropic refused to release it publicly. During testing, it found over 2,000 previously unknown flaws across major operating systems and browsers, including a 27-year-old bug in OpenBSD and a 17-year-old remote code execution flaw in FreeBSD. Over 99% of what it found remains unpatched today.<\/p>\n But the urgency is already materializing. Last week, researchers at security firm Theori used their own AI tool to scan Linux\u2019s cryptographic code. It took about an hour. What they found (dubbed \u201cCopy Fail\u201d) grants hackers full root access<\/a> to every major Linux distribution shipped since 2017. One 732-byte script. One hundred percent reliability. A fix exists, but exploit details went public before all distributions had issued patches.<\/p>\n You don\u2019t run a server. You don\u2019t manage patches. But your paycheck, your medical records, and your taxes all live on systems that do.\u00a0<\/p>\n These systems were built assuming bugs get found slowly, by humans, one at a time. That assumption just broke. Anthropic says that over 99% of what Mythos<\/a> found remains unpatched<\/a>. Copy Fail is just one example of what happens when that window stays open too long. The vulnerabilities are known. The clock is running. The only question is who finds them next.<\/p>\n Editor\u2019s note: This content originally ran in the newsletter of our sister publication, <\/strong>The Neuron<\/strong><\/a>. To read more from The Neuron, <\/strong>sign up for its newsletter here<\/strong><\/a>.<\/strong><\/p>\n The post \u2018Patch Wave\u2019 Warning: AI May Expose Decades of Hidden Software Bugs<\/a> appeared first on eWEEK<\/a>.<\/p>","protected":false},"excerpt":{"rendered":" The UK\u2019s National Cyber Security Centre issued an unusual warning about what\u2019s coming next. AI, the NCSC says, is now capable of unearthing decades of buried software flaws at a scale and speed that the industry\u2019s entire patching infrastructure was never built to handle. The result? A coming flood of critical updates across every layer […]<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[],"class_list":["post-8077","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8077"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8077"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8077\/revisions"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8077"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8077"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Why this matters<\/h2>\n