360 AI Security Research Report: Vulnerability mining capability becomes the key to security competition in the AI era

Recently, the 360 AI Security Research Institute released a report entitled "AI is creating a new security dilemma - from 'can we prevent it?' to 'can we respond in time?", proposing the concept of "AI security time gap" for the first time. The report points out that as AI enters the vulnerability analysis, code generation, and attack chain construction stages, the network security attack and defense is shifting from human response speed to machine speed, rewriting the global network security attack and defense rules. The report is based on research findings from public data such as CISA KEV, showing that the window from the disclosure of high-profile vulnerabilities to the appearance of usable PoC is continuously shrinking, with some high-value vulnerability scenarios entering the 24 to 72 hours range. At the same time, many organizations still operate vulnerability repair, approval, and disposal processes on a weekly or even monthly basis. The industry believes that the AI security time gap is not only a difference in attack and defense speed, but also a reflection of the gap in national-level network attack and defense capabilities in the dimension of time.