Skip to content
Tech News
← Back to articles

AI is set to completely transform cybersecurity — here’s how researchers must prepare

read original more articles

For much of my career in computer science, I viewed the detection of software vulnerabilities as a craft. The best researchers combine technical skill with intuition: the ability to tell whether a software crash was a minor glitch or a sign of a more serious vulnerability. For decades, machines found bugs and humans decided which ones mattered. Now, with the advance of artificial intelligence, that is set to change drastically.

My research has focused mostly on building better fuzzers — automated tools that bombard software with millions of unexpected inputs to uncover bugs. Generating crash reports (detailed files that record the failures) was rarely the difficult part. The real challenge came afterwards. Someone still had to investigate each crash, determine whether it was exploitable, decide if it warranted disclosure, and work out how it could be fixed.

The uncritical adoption of AI in science is alarming — we urgently need guard rails

But AI is spurring a radical shift in how cybersecurity operates, turning vulnerability research into a scalable process that is powered by models, training data and computing power.

There are immense challenges as we navigate this path. Here, I sketch the contours of the emerging landscape and lay out open challenges.

AI systems can now do much more than generate code. Models that can reason, use tools and run experiments are increasingly capable of triaging software crashes, identifying root causes, assessing exploitability and even proposing fixes.

AI can review code that would otherwise go unexamined and shorten the path from bug discovery to a tested fix. Earlier this year, Mozilla, a technology firm in San Francisco, California, used a frontier AI model to uncover and patch 271 vulnerabilities in its Firefox browser for a single version release — a lot more than its existing tools and reviewers had found each month over the previous year.

AI is transforming the economy — understanding its impact requires both data and imagination

The sheer number of vulnerability reports that AI enables is stretching the review capacity of even experienced developers. The Linux kernel, the core open-source software that underpins many computer systems, relies on people reporting bugs. But in May 2026, the team that maintains the Linux kernel responded to a surge of duplicate AI-assisted reports by clarifying how such findings should be submitted. The lesson is not that software maintainers are failing, but that machine-generated reports can easily overwhelm processes built for a world in which vulnerabilities were discovered at human speed.