AI is compressing attack timelines. Here's how agencies can respond.


COMMENTARY | The zero-day clock is already running.

Anthropic recently revealed that its Mythos preview model had identified thousands of zero-day vulnerabilities across every major operating system and web browser, including a 27-year-old bug in OpenBSD. The disclosure has taken the security community by storm.

The risks for federal and state chief information security officers (CISOs) are higher than those of their private sector counterparts, not just in degree but in kind. Large, well-funded foreign adversaries actively target government systems and will deploy their best, newest tooling there first. These aren't average attackers; they are highly resourced, and they are already developing or deploying AI-assisted attack tools against U.S. government systems. CISA has documented that nation-state actors are adept at exploiting zero-day vulnerabilities, and AI-assisted discovery is a logical extension of that capability.

The asymmetry problem

For years, the conventional wisdom was that AI would be a double-edged sword, helping attackers find vulnerabilities, but also helping defenders close them. That framing now looks dangerously optimistic. AI is compressing attack timelines faster than most defense organizations can respond, and the gap is widest in the public sector.

Consider the baseline before AI entered the picture: the median time for an organization to remediate half of its open, internet-facing vulnerabilities was 361 days. Exploitation, meanwhile, takes hours. One-third of exploited CVEs in the first half of 2025 showed attacker activity on or before the day of public disclosure, before most teams even knew there was anything to patch.

For federal agencies and SLED organizations, those numbers are often worse. Legacy systems, long procurement cycles, thin security staffing, and compliance-heavy environments compound one another and slow remediation to a near halt. AI is compressing the attacker's window further. The asymmetry is real, and it is growing.

The early assumption was that AI, equally available to attackers and defenders, would level the playing field. The evidence so far points the other way: in the near term, AI is likely to benefit attackers more than defenders. For the public sector, that imbalance is the problem to solve.

How to act now

Closing the gap requires action on two fronts simultaneously: hardening the software development pipeline so vulnerabilities never ship, and increasing proactive threat hunting so attackers don’t find exploitable gaps first.

  • Red team before adversaries do. The most underutilized asset in public sector security is proactive offense. Red team exercises, bug bounties, and security hackathons are no longer a nice-to-have. If AI is helping attackers discover vulnerabilities at scale, defenders need structured programs to find them first. Government agencies that invest in red teaming now will be dramatically better positioned than those waiting for CVE disclosures.
  • Shift security left, all the way to the IDE. Too many agencies still treat security as a gate at the end of the development process. With AI accelerating code production and introducing new vulnerabilities in the process, that model is untenable. Hardcoded secrets, known-vulnerable imports, and deprecated API patterns need to be flagged before a developer pushes a commit, not during an audit six months later. This maps directly to CISA’s Secure by Design principles and should be a baseline expectation for any government contractor or internal development team.
  • Enforce security policy across every pipeline, not just compliant ones. In large agencies with hundreds of active projects, inconsistent enforcement is the rule rather than the exception. Security policies need to be defined once and enforced everywhere, at the merge request level, across every group and project, with exceptions reviewed, approved, and logged. The merge request is the enforcement point. If a line of code can enter a production system without passing a defined set of controls, the gap will be found.
  • Use AI agents to discover and remediate vulnerabilities. Responding to AI-assisted attacks requires AI-assisted defense. That means deploying security agents that can scan dependency graphs across every project with full context, identify reachable vulnerable call paths, and propose fixes, all within the same governance process as human-authored changes. Using AI to find vulnerabilities during development leaves fewer of them for adversaries to exploit after the software ships. Critically, every AI-generated fix must move through the same approval and audit trail as any other change. In a FedRAMP- or STIG-governed environment, that process discipline is what makes AI remediation viable without weakening change control.
  • Build for auditability from the start. When an auditor or oversight body asks for evidence that a specific security policy was enforced on a specific change, the answer should be immediately accessible. Evidence generated in flight, such as scan results, applied policies, approvers, and merge timestamps, serves as both a compliance and a security asset. Assembling audit evidence after the fact is how gaps get discovered, usually by the auditor rather than by you.
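
The "shift left", "enforce across every pipeline" and "build for auditability" items above describe one control: a gate at the merge request that scans the change for hardcoded secrets, known-vulnerable dependency pins and deprecated API usage, blocks or records an approved exception, and emits the evidence in flight. The Python sketch below is an added example of such a gate written for this page; it is not GitLab's product code or any agency's pipeline. The advisory identifiers, rule ids, entropy floor and the unified diff it scans are all constructed for the example.

```python
"""Merge-request policy gate (added example; constructed rules and sample diff)."""
import hashlib
import json
import math
import re
from datetime import datetime, timezone

# Constructed advisory table with hypothetical ids: package -> (first fixed version, advisory id)
ADVISORIES = {
    "examplelib": ("2.4.0", "EXAMPLE-ADV-0001"),
    "othertool": ("1.0.3", "EXAMPLE-ADV-0002"),
}

# Credential patterns; the generic one captures the assigned literal in group 2.
SECRET_PATTERNS = [
    ("SEC-001", "AWS access key ID", re.compile(r"\bAKIA[0-9A-Z]{16}\b")),
    ("SEC-002", "credential assigned as a string literal",
     re.compile(r"(?i)(api[_-]?key|secret|token|password)\s*[:=]\s*['\"]([^'\"]{8,})['\"]")),
]
ENTROPY_FLOOR = 3.0  # bits per character; below this a literal is treated as a placeholder such as "changeme"

DEPRECATED_PATTERNS = [
    ("API-001", "yaml.load without an explicit Loader", re.compile(r"yaml\.load\((?![^)]*Loader)")),
    ("API-002", "MD5 used for hashing", re.compile(r"hashlib\.md5\(")),
    ("API-003", "subprocess call with shell=True", re.compile(r"subprocess\.\w+\([^)]*shell\s*=\s*True")),
]
PIN_RE = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9]+(?:\.[0-9]+)*)\s*$")  # requirements.txt style pin


def shannon_entropy(s):
    """Bits per character of a literal; low values mark obvious placeholders."""
    n = len(s)
    return -sum(s.count(c) / n * math.log2(s.count(c) / n) for c in set(s))


def parse_version(v):
    return tuple(int(part) for part in v.split("."))


def added_lines(diff):
    """Yield (path, text) for every added line of a unified diff, skipping headers."""
    path = None
    for raw in diff.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("+"):
            yield path, raw[1:]


def scan_diff(diff):
    """Return findings for the change; secret values are never copied into a finding."""
    findings = []
    for path, line in added_lines(diff):
        for rule, desc, rx in SECRET_PATTERNS:
            m = rx.search(line)
            if not m:
                continue
            literal = m.group(m.lastindex or 0)
            if shannon_entropy(literal) < ENTROPY_FLOOR:
                continue
            digest = hashlib.sha256(literal.encode()).hexdigest()[:12]  # fingerprint, not the secret
            findings.append({"rule": rule, "path": path, "detail": f"{desc} (sha256 {digest})"})
        for rule, desc, rx in DEPRECATED_PATTERNS:
            if rx.search(line):
                findings.append({"rule": rule, "path": path, "detail": desc})
        pin = PIN_RE.match(line.strip())
        if pin and pin.group(1).lower() in ADVISORIES:
            fixed, advisory = ADVISORIES[pin.group(1).lower()]
            if parse_version(pin.group(2)) < parse_version(fixed):
                findings.append({"rule": "DEP-001", "path": path,
                                 "detail": f"{pin.group(1)}=={pin.group(2)} affected by {advisory}, fixed in {fixed}"})
    return findings


def evidence_record(diff, findings, policy_id="MR-GATE-v1", approver=None):
    """Evidence generated in flight: what was checked, what was found, who approved any exception."""
    if not findings:
        decision = "allow"
    elif approver:
        decision = "allow_with_exception"  # exception reviewed and logged, not silently waived
    else:
        decision = "block"
    return {
        "policy": policy_id,
        "change_digest": hashlib.sha256(diff.encode()).hexdigest(),
        "evaluated_at": datetime.now(timezone.utc).isoformat(),
        "findings": findings,
        "decision": decision,
        "exception_approver": approver,
    }


# Constructed sample change: two files, one of them a requirements pin.
SAMPLE_DIFF = """\
diff --git a/app/config.py b/app/config.py
--- a/app/config.py
+++ b/app/config.py
@@ -1,4 +1,7 @@
 import yaml
+import hashlib
+API_KEY = "sk_live_9f8a7b6c5d4e3f2a"
+AWS_KEY = "AKIAIOSFODNN7EXAMPLE"
+DEFAULT_PASSWORD = "changeme"
 def load(path):
-    return yaml.load(open(path), Loader=yaml.SafeLoader)
+    return yaml.load(open(path))
diff --git a/requirements.txt b/requirements.txt
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,2 +1,2 @@
-examplelib==2.4.0
+examplelib==2.3.1
 othertool==1.0.3
"""

if __name__ == "__main__":
    print(json.dumps(evidence_record(SAMPLE_DIFF, scan_diff(SAMPLE_DIFF)), indent=2))
```

Run against the sample change, the gate reports the live-looking API key, the AWS key ID, the unsafe `yaml.load` call and the downgraded `examplelib` pin, skips the low-entropy `changeme` placeholder, and blocks the merge; pass an `approver` and the same record is emitted with an `allow_with_exception` decision that names who signed off. The record stores a digest of the change and a fingerprint of each secret rather than the secret itself, so the evidence trail can be handed to an auditor without itself becoming a leak.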

The window is open, but not for long

Anthropic has restricted access to Mythos, and the company’s own offensive cyber researchers estimate that comparable attacker tooling will be available within six to twelve months. Every month between now and then is an opportunity to strengthen your software supply chain, enforce policy across your pipelines, and build the proactive hunting capacity that the threat environment now demands.

Agencies that act now will be better positioned to demonstrate resilience when it matters. The zero-day clock is already running.

Rob Smith is area vice president for public sector at GitLab.