Because age and prior testing no longer imply safety. The article shows that flaws can survive for years, even through millions of tests, and still be exploitable once a model can reason across code paths and keep trying. Organisations should treat reachability and privilege as stronger risk signals than age alone.
Why This Matters for Security Teams
Low-severity and long-standing bugs become more dangerous when an AI-assisted attacker can search, chain, and retry across a wider attack surface than a human operator. A flaw that looked harmless in isolation may become the missing link for secret theft, privilege escalation, or lateral movement once the attacker can reason over code paths and automate exploitation. That is why age, low CVSS, and “already tested” history are weak comfort signals in autonomous attack scenarios. Current guidance suggests that reachability, identity exposure, and privilege boundaries matter more than the age of the defect.
NHIMG’s research on The 52 NHI breaches Report shows how identity compromise often matters more than traditional perimeter assumptions, while OWASP NHI Top 10 highlights that autonomous systems amplify small weaknesses into repeatable abuse paths. In practice, many security teams discover the true impact of “minor” bugs only after an identity has already been abused and the attacker has used it to keep moving.
That pattern is also consistent with CISA cyber threat advisories, which repeatedly show that initial access often comes from a mundane weakness combined with identity misuse. For AI-assisted attackers, the difference is speed and persistence, not just novelty.
How It Works in Practice
AI-assisted operators do not need every bug to be serious. They need one weak seam that a model can connect to adjacent weaknesses, exposed secrets, or overbroad permissions. A forgotten debug endpoint, a stale library issue, or an old deserialization path may not be enough on its own. But if it is reachable from a workload with standing credentials, or if it exposes an NHI token, the risk changes immediately. That is why a defect’s exploitability depends on context, not age.
In practical terms, teams should triage bugs by asking four questions: can it be reached, can it leak Secrets, can it cross an identity boundary, and can it be retried at scale? This is where DeepSeek breach is instructive, because exposed data and credentials turn a single weakness into a platform for broader abuse. The same logic appears in the Anthropic — first AI-orchestrated cyber espionage campaign report, where automation and tool use magnified the impact of access that might have looked limited in a human-led intrusion.
- Prioritise reachable bugs over dormant ones, even if the dormant ones score higher on paper.
- Treat secrets exposure as a severity multiplier, not a separate issue.
- Review service accounts, API keys, and tokens with the assumption that a model can keep probing until it finds a path.
- Use runtime authorization checks so access is decided from task context, not only static role assignment.
For autonomous workloads, JIT credentials, workload identity, and real-time policy evaluation are becoming the practical answer, but there is no universal standard for this yet. These controls tend to break down when legacy services still rely on long-lived shared credentials and flat network trust because the attacker only needs one old flaw to pivot into everything else.
Common Variations and Edge Cases
Tighter vulnerability triage often increases operational overhead, requiring organisations to balance faster remediation against more review work. That tradeoff is real, especially when teams already struggle with alert fatigue and fragmented secrets ownership. For example, GitGuardian and CyberArk report that the average estimated time to remediate a leaked secret is 27 days, which gives attackers a large window if a “minor” bug exposes credentials. Their IOS app secrets leakage report reinforces how easily hidden exposure can persist inside apparently mature codebases.
There is also no universal standard for how to score AI-assisted exploit chains yet. Best practice is evolving toward combining CVSS with exposure, privilege, and identity context, then mapping those findings to MITRE ATLAS adversarial AI threat matrix and Top 10 NHI Issues for agent and workload abuse patterns. The edge case is a bug that seems low risk in isolation but sits near a model endpoint, a secrets store, or an overprivileged automation account. In those environments, “old” often means “well-known to the attacker,” not “safe to ignore.”
Teams should also watch for systems with many secrets manager instances, delegated tool access, or shared service identities. In those setups, a small weakness can become a durable foothold because the attacker is not trying once and leaving; the model can adapt, vary inputs, and keep searching until a path opens.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 and OWASP Agentic AI Top 10 address the attack and risk surface, while NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Non-Human Identity Top 10 | NHI-03 | Focuses on NHI credential exposure and abuse, central to bug-to-breach chains. |
| OWASP Agentic AI Top 10 | A1 | Agentic systems turn small defects into chained actions and privilege escalation. |
| NIST AI RMF | AI RMF addresses context, accountability, and risk evaluation for AI-enabled abuse. |
Prioritise reachable flaws that can expose or misuse NHI secrets and rotate them fast.
