TL;DR: Frontier AI is shortening the time between vulnerability discovery and exploitation, leaving patching too slow to remain the primary clock of defense, according to Proofpoint. The practical shift is toward reducing exposure across people, suppliers, digital workflows, and AI agents while attack speed outpaces remediation.
NHIMG editorial — based on content published by Proofpoint: frontier AI and the shrinking zero-day defense window
Questions worth separating out
Q: How should security teams contain a breach when attackers can move faster than patch cycles?
A: Security teams should assume the first compromise will happen before every weakness is fixed and design limits around that assumption.
Q: Why do supplier and identity pathways matter in AI-accelerated attacks?
A: Supplier and identity pathways matter because many attacks now enter through trust relationships rather than direct technical exploitation.
Q: What breaks when security programmes rely on patching as the main defence?
A: Programmes break when they assume the patch arrives before the attack campaign scales.
Practitioner guidance
- Map controls to the exposure window Measure how long critical users, suppliers, service accounts, and AI workflows remain exploitable after a new threat is identified.
- Prioritise identity paths in exposure reduction plans Review which email, collaboration, supplier, and machine-identity paths can be used before patching completes.
- Shorten standing access wherever possible Replace broad, persistent access with short-lived, task-scoped permissions for staff, contractors, and workloads.
What's in the full article
Proofpoint's full analysis covers the operational detail this post intentionally leaves for the source:
- Threat model implications for email, collaboration, and supplier-facing controls where exposure reduction must happen before patch completion.
- The operational case for adaptive protection that propagates blocks and detections across a network of customers and environments.
- How practitioners should think about people, suppliers, and AI agents as part of the same attack surface.
- The questions security leaders should ask vendors about time-to-protection and signal propagation speed.
👉 Read Proofpoint's analysis of how frontier AI is compressing the zero-day defense window →
Frontier AI and the shrinking patch window: are controls keeping up?
Explore further
Patch velocity is no longer the defining security metric. When attackers can weaponise vulnerabilities within hours, the decisive question becomes how quickly exposure can be reduced across users, suppliers, and workflows. Vulnerability intelligence still matters, but it is now subordinate to containment, trust scoping, and propagation speed. Practitioners should treat time-to-exposure-reduction as a board-level control outcome.
A question worth separating out:
Q: Who is accountable when AI-enabled attacks bypass legacy access controls?
A: Accountability sits across IAM, security operations, and application owners because the failure spans authentication, telemetry, and abuse response. Frameworks such as the NIST Cybersecurity Framework 2.0 and Zero Trust architecture expect shared ownership of identity assurance, detection, and containment.
👉 Read our full editorial: Frontier AI is compressing the zero-day defense window