Cisco revamps vulnerability disclosures for the AI era

Illustration: Aïda Amer/Axios
Cisco is moving to a twice-a-month model for unveiling newly fixed security flaws, rather than its current monthly cadence, the company said earlier today.
- A week before each release, Cisco will also preview which technologies and platforms will be affected by each drop so defenders will know what will need patching.
Why it matters: New AI models are pouring gasoline on bug discovery, forcing technology and security vendors to rethink how they responsibly disclose the bugs that researchers find in their products before malicious hackers get hold of them.
Driving the news: Starting in July, Cisco will publish disclosures about security fixes in its products on the first and third Wednesdays of the month.
- Those updates are currently monthly, barring any emergency rollouts.
What they're saying: "We've got an opportunity to not just move faster in individual-point problems, but really rethink how we're moving from being reactive to proactive in terms of system-hardening," Anthony Grieco, senior vice president and chief security and trust officer at Cisco, told Axios in an exclusive interview.
- "This isn't just about keeping pace with an individual thing with an individual threat," he added. "It's about how we're addressing the system-hardening and vulnerabilities at a depth and speed that previously was unattainable."
Between the lines: As advanced AI models like Mythos Preview and GPT-5.5-Cyber start to uncover security vulnerabilities at an unprecedented rate, cybersecurity teams are unable to keep up with the pace at which they need to start patching bugs.
- Some systems require a total reboot to install a patch — and others require several tests before an IT or security team is comfortable rolling it out.
- Last month, Anthropic said the roughly 50 partners who are using Mythos Preview have already uncovered more than 10,000 high- or critical-severity vulnerabilities across the "most systemically important software in the world."
Threat level: Over the last eight weeks, Cisco has used a multi-model AI harness to scan 1.8 billion lines of code over 25 coding languages across its wide-reaching technology portfolio.
- Previously, that level of scanning would've taken about eight years to complete, the company said in a blog post.
What to watch: Cisco plans to roll out a new product, called Live Protect, that gives customers a temporary shield against the exploitation of newly discovered vulnerabilities while they work to deploy permanent fixes.
- The product is designed to help customers bridge the gap between the discovery of a vulnerability and the deployment of a permanent software update.
- "It really is about architecting the future with AI, not just defending against AI," Grieco said.
