{"id":40160,"date":"2026-07-16T04:29:04","date_gmt":"2026-07-16T04:29:04","guid":{"rendered":"https:\/\/www.insentragroup.com\/nz\/?p=40160"},"modified":"2026-07-16T05:18:09","modified_gmt":"2026-07-16T05:18:09","slug":"ai-vulnerability-discovery-is-rewriting-patch-management","status":"publish","type":"post","link":"https:\/\/www.insentragroup.com\/nz\/insights\/geek-speak\/secure-workplace\/ai-vulnerability-discovery-is-rewriting-patch-management\/","title":{"rendered":"AI Vulnerability Discovery Is Rewriting Patch Management\u00a0\u00a0"},"content":{"rendered":"\n<p>AI models can now find and&nbsp;weaponise&nbsp;software vulnerabilities in minutes to hours instead of weeks. Anthropic&#8217;s Claude Mythos, Microsoft&#8217;s MDASH, and the multi-vendor Project&nbsp;Glasswing&nbsp;initiative are already surfacing thousands of new CVEs across major operating systems, browsers, and open-source software. The result is more patches, released more often, with less time to react. That shift is turning patch management from a monthly IT task into a continuous operational discipline. Managed patching services like&nbsp;Insentra&#8217;s&nbsp;exist specifically to absorb that new volume.&nbsp;<\/p>\n\n\n\n<p>For twenty years, Patch Tuesday has been a predictable fixture of enterprise IT. A monthly cadence. A maintenance window. A Change Advisory Board meeting. Test, approve, deploy, repeat.&nbsp;<\/p>\n\n\n\n<p>That rhythm is breaking down, not because of a process failure, but because the thing it was built to manage has fundamentally changed pace.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is&nbsp;actually changing&nbsp;in vulnerability management right now?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>AI systems are now discovering,&nbsp;validating&nbsp;and in some cases exploiting software vulnerabilities at a speed no human research team can match, and multiple major vendors, including Anthropic, Microsoft, Mozilla and the Cloud Security Alliance, are independently confirming it in 2026. The practical effect is a sharp, sustained increase in the number of security patches organisations need to assess and deploy, arriving with far less warning than before.&nbsp;<\/p>\n\n\n\n<p>Three separate but related developments are driving this shift, and&nbsp;it&#8217;s&nbsp;worth being precise about which is which, because a lot of the current commentary blends them together:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Claude Mythos:<\/strong>&nbsp;Anthropic&#8217;s&nbsp;frontier AI model, built for autonomous vulnerability discovery and exploit construction&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Project&nbsp;Glasswing:<\/strong>&nbsp;Anthropic&#8217;s&nbsp;controlled early-access programme that puts Mythos in the hands of around 50 critical infrastructure partners, including Microsoft, AWS, Apple, Google, CrowdStrike, Palo Alto Networks, Cisco, JPMorgan&nbsp;Chase&nbsp;and the Linux Foundation&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>MDASH:<\/strong>&nbsp;Multi-Model Agentic Scanning Harness,&nbsp;is Microsoft&#8217;s AI-powered vulnerability discovery platform. It uses multiple specialised AI models to&nbsp;identify,&nbsp;validate&nbsp;and prove software vulnerabilities before they reach customers.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>They&#8217;re&nbsp;connected, but they are not the same&nbsp;initiative, and&nbsp;confusing them makes it harder to understand who&nbsp;is responsible for&nbsp;what.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is Claude Mythos, and why does it matter for patch management?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Claude Mythos is a frontier AI model from Anthropic, announced in preview form on 7 April 2026, capable of autonomously finding and constructing working exploits for software vulnerabilities at a level matching top human security&nbsp;researchers. Anthropic has not released it publicly.&nbsp;It&#8217;s&nbsp;currently accessible only to a limited set of partner organisations through a controlled programme called Project&nbsp;Glasswing.&nbsp;<\/p>\n\n\n\n<p>The reason it matters commercially, not just technically, is speed. In controlled testing against patched Firefox vulnerabilities, Mythos produced its first proof-of-concept exploit in around 12 minutes and generated 14 of 18&nbsp;possible exploits&nbsp;within&nbsp;roughly three&nbsp;hours, eight of them full, working exploits capable of arbitrary code execution. In a separate Windows kernel privilege-escalation test using only compiled binaries (no source code), Mythos produced its first working proof-of-concept in 31 minutes and all 18 crash reproductions within six hours, including eight complete escalation chains to full system access.&nbsp;<\/p>\n\n\n\n<p>For context,&nbsp;the WannaCry ransomware worm took 59 days after a patch was released before attackers weaponised it.&nbsp;That&#8217;s&nbsp;the scale of compression the industry is now dealing with.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is Project&nbsp;Glasswing, and does it affect businesses that aren&#8217;t part of it?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Project&nbsp;Glasswing&nbsp;is&nbsp;Anthropic&#8217;s&nbsp;early-access initiative that gives&nbsp;roughly 40\u201350 major software and infrastructure&nbsp;providers controlled&nbsp;use of Claude Mythos to find and fix vulnerabilities in their own products before public disclosure. It matters to every business, not just the partners, because the vulnerabilities it finds, in operating systems, browsers, and widely used open-source libraries, affect anyone running that software, regardless of whether their organisation is directly involved.&nbsp;<\/p>\n\n\n\n<p>Anthropic has reported that&nbsp;Glasswing&nbsp;partners have collectively surfaced more than 10,000 high- or critical-severity vulnerabilities so far. In a separate exercise scanning over 1,000 widely used open-source projects, Mythos surfaced 23,019 vulnerabilities, of which&nbsp;roughly 6,200&nbsp;were assessed as high or critical severity, a figure independently&nbsp;validated&nbsp;by external security researchers at a 90.6% true-positive rate. One of those findings, a flaw in the&nbsp;wolfSSL&nbsp;cryptography library used across billions of devices, could have allowed attackers to forge certificates for fake but convincing banking or email sites. It has since been patched.&nbsp;<\/p>\n\n\n\n<p>Public CVE disclosures stemming from Project&nbsp;Glasswing&nbsp;findings began rolling out in July 2026, and more are expected as partners work through their backlogs.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What is Microsoft&#8217;s MDASH, and how is it different from Claude Mythos?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>MDASH is Microsoft&#8217;s own internally built &#8220;agentic scanning harness,&#8221; announced 12 May 2026, that runs more than 100 specialised AI agents to scan, debate and prove&nbsp;vulnerabilities across Microsoft&#8217;s codebase.&nbsp;It&#8217;s&nbsp;a separate system from Claude Mythos, though Microsoft is also a Project&nbsp;Glasswing&nbsp;partner using Mythos alongside it. On the public&nbsp;CyberGym&nbsp;benchmark, MDASH scored 88.45%, ahead of both Claude Mythos Preview (83.1%) and GPT-5.5 (81.8%) at the time of testing.&nbsp;<\/p>\n\n\n\n<p>MDASH&#8217;s first public disclosure surfaced 16 previously unknown Windows vulnerabilities, including four critical remote-code-execution flaws in core networking and identity components, all patched in the May 2026 Patch Tuesday release. Microsoft has also confirmed it is updating its Secure Development Lifecycle to fold AI-specific risks, such as prompt injection, agent abuse, and model behaviour that leads to data exposure, directly into how it classifies and prioritises vulnerabilities. That means Copilots, agents and model integrations are now formally inside the patch conversation, not sitting outside it.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Why are Patch Tuesdays getting bigger?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Because AI-assisted discovery finds vulnerabilities that would have taken human&nbsp;researchers&nbsp;years to uncover, vendors are&nbsp;disclosing&nbsp;and patching far more of them, far faster, than the traditional monthly cycle was designed to absorb. April 2026&#8217;s Patch Tuesday alone addressed 163 CVEs. Mozilla, using Mythos-class tooling ahead of a Firefox release, found 271 vulnerabilities in a single pre-release scan and has since shifted from monthly to&nbsp;roughly weekly&nbsp;security updates for some products.&nbsp;<\/p>\n\n\n\n<p>CVE submissions industry-wide grew 263% between 2020 and 2025, a volume increase so steep that the U.S. National Vulnerability Database shifted to a triage-only model in April 2026, meaning it can no longer enrich every submission with full analysis before publication. That puts more of the prioritisation burden back on individual organisations, at exactly the moment volume is climbing.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How much time do you&nbsp;actually have&nbsp;to patch a vulnerability now?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Less than you think, and the gap is shrinking fast: Mandiant&#8217;s 2026 M-Trends research shows the average time between a vulnerability becoming public and attackers exploiting it has gone from 63 days in 2018, to 5 days in 2023, to attackers now exploiting vulnerabilities an average of 7 days before a patch is even released. AI-assisted exploit construction, of the kind&nbsp;demonstrated&nbsp;by Claude Mythos, is a major contributor to that trend.&nbsp;<\/p>\n\n\n\n<p>This single statistic is&nbsp;arguably the&nbsp;most important number in this entire shift, because it invalidates the assumption most patch management programmes are still built on: that&nbsp;there&#8217;s&nbsp;a reasonable buffer between &#8220;patch released&#8221; and &#8220;attacker weaponised.&#8221; In 2026, for a growing share of vulnerabilities, that buffer is gone or negative.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Does finding more vulnerabilities automatically make software safer?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Not on its own. Finding a vulnerability earlier is unambiguously good, but the security benefit only materialises once the fix is&nbsp;actually tested,&nbsp;approved&nbsp;and deployed across every affected system, and that step&nbsp;hasn&#8217;t&nbsp;gotten any faster just because discovery has. Every patch that lands still needs someone to&nbsp;determine&nbsp;exposure, test against dependencies, secure a maintenance window, and confirm the deployment&nbsp;didn&#8217;t&nbsp;break anything else.&nbsp;<\/p>\n\n\n\n<p>Most organisations already run close to capacity on their existing patch cadence:&nbsp;Ponemon&nbsp;Institute research puts unpatched vulnerabilities at the top of security leaders&#8217; cyber risk concerns, with 54% of respondents actively grappling with the issue today, before AI-accelerated discovery adds materially more validated findings to the queue. Multiplying the number of validated, urgent findings entering that pipeline&nbsp;doesn&#8217;t&nbsp;add a bit more work. It changes the shape of the work entirely. The bottleneck has moved.&nbsp;It&#8217;s&nbsp;no longer &#8220;can we find the vulnerability.&#8221;&nbsp;It&#8217;s&nbsp;&#8220;do we have the operational capacity to act on everything we now know.&#8221;&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Should organisations just try to patch everything faster?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>No, and several independent security bodies are now warning explicitly against that instinct. The Cloud Security Alliance has cautioned that undifferentiated speed, meaning trying to patch everything as fast as possible regardless of actual exploitability in your specific environment, creates its own risk, because it burns finite engineering capacity on lower-priority findings while genuinely critical ones queue up behind them.&nbsp;<\/p>\n\n\n\n<p>This is where frameworks like Gartner&#8217;s Continuous Threat Exposure Management (CTEM) come in: scoping, discovery, prioritisation,&nbsp;validation&nbsp;and mobilisation as an ongoing cycle rather than a monthly event. Around 75% of security leaders already have a CTEM programme in place or are actively building toward one, according to recent Gartner Peer Insights data, a strong signal that &#8220;patch smarter, not just faster&#8221; is becoming the dominant industry response.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What should IT and security leaders be asking their teams right now?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Rather than the old, binary question,&nbsp;<em>are we&nbsp;patched?<\/em>,&nbsp;leadership conversations are shifting toward operational readiness:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Can we&nbsp;determine&nbsp;whether a new vulnerability&nbsp;actually affects&nbsp;us within hours, not days?&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do we know, without checking three separate systems, which of our assets are internet-facing, business-critical, or identity-adjacent?&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Can we deploy a critical patch to a high-risk system without waiting for the next scheduled change window?&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If we&nbsp;can&#8217;t&nbsp;patch&nbsp;immediately, do we have compensating controls (isolation, enhanced monitoring, access restrictions) ready to go?&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Are our AI tools, copilots,&nbsp;agents&nbsp;and model integrations formally inside our vulnerability management scope?&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>If patch volume doubled over the next 24 months, would our current operating model hold up, or break?&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>These are resilience questions, not compliance questions. A &#8220;yes&#8221; to a checklist audit means far less than a demonstrated ability to move quickly when it&nbsp;actually matters.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How can organisations keep up without doubling headcount?<\/strong>&nbsp;<\/h2>\n\n\n\n<p>In practice, most organisations are still trying to absorb this in-house, and the strain is already visible. A typical internal IT team is expected to track new patch releases across dozens of different vendors, work out which ones actually apply to their environment, assess the risk each one carries, and then schedule and execute deployment, all on top of the rest of their day job running the business&#8217;s technology. Recent industry research puts numbers on the pressure that creates: 98% of IT and security professionals say patching disrupts their work enough to force them to reallocate resources away from other priorities, 77% of organisations need more than a week to deploy a patch once it&#8217;s released, and 68% name patch management as their single biggest vulnerability management challenge.&nbsp;Nearly two-thirds&nbsp;say the handoff between finding a vulnerability and&nbsp;actually remediating&nbsp;it is where their process breaks down.&nbsp;<\/p>\n\n\n\n<p>None of that accounts for the AI-accelerated volume increase already underway. With vendors like Anthropic, Microsoft and Mozilla now surfacing thousands of additional validated vulnerabilities a year, and CVE submissions industry-wide already up 263% since 2020, in-house teams that are struggling to keep up today are looking at a workload that is about to get meaningfully heavier, not lighter. Every extra day a validated, high-risk patch sits unassessed because the internal team&nbsp;hasn&#8217;t&nbsp;reached it yet is a day of exposure that&nbsp;didn&#8217;t&nbsp;need to exist.&nbsp;<\/p>\n\n\n\n<p>Through a structured, continuously operating patch management function, either built internally at meaningful scale or delivered as a managed service, rather than by asking an already-stretched internal team to simply absorb more urgent work on top of existing priorities. Most internal IT teams are already juggling infrastructure modernisation, hybrid work support, cloud platform management, and a steadily growing volume of security alerts. Adding a sharp, sustained increase in validated, time-critical patches on top of that&nbsp;isn&#8217;t&nbsp;a minor resourcing adjustment.&nbsp;It&#8217;s&nbsp;a different operating model.&nbsp;<\/p>\n\n\n\n<p>This is precisely the gap a mature managed patching service is designed to close: continuous monitoring of new security releases, risk-based prioritisation instead of blanket urgency, structured testing before deployment, consistent governance and&nbsp;reporting, and, critically, freeing internal teams to spend their time on the work that actually differentiates the business, rather than the recurring operational grind of keeping systems current.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How&nbsp;Insentra&nbsp;helps organisations keep pace with AI-accelerated patch cycles<\/strong>&nbsp;<\/h2>\n\n\n\n<p>Insentra&#8217;s&nbsp;managed patching services are built to take that entire burden off the client&#8217;s plate. We run a robust framework that continuously monitors and assesses vendor security patches across supported platforms, including Windows servers and endpoints, Citrix,&nbsp;IGEL,&nbsp;NetScaler and Intune-managed environments, so that instead of one internal team trying to track releases from dozens of vendors around their day job, a dedicated team is doing exactly that, all day, every day. That framework lets us rapidly&nbsp;identify&nbsp;which patches require immediate action based on their actual risk profile, rather than treating every release as equally urgent. Where a patch does require immediate action, we proactively notify the customer, then manage and execute the testing and deployment process end to end, governed by clear SLAs and reported with the visibility your board and auditors expect.&nbsp;<\/p>\n\n\n\n<p>The value&nbsp;isn&#8217;t&nbsp;just that the patches get done.&nbsp;It&#8217;s&nbsp;that the assessment and execution sit with a dedicated team whose only job is to do this well, rather than with an already-overloaded internal IT function trying to fit it in around everything else&nbsp;they&#8217;re&nbsp;responsible for. That frees your internal team to spend their time on the parts of the role that genuinely require an understanding of your business, its&nbsp;priorities&nbsp;and its risk appetite, rather than the recurring grind of chasing vendor advisories across multiple platforms. The result is more value delivered internally, and less risk introduced by patching that is slow,&nbsp;inconsistent&nbsp;or incomplete.&nbsp;<\/p>\n\n\n\n<p>As AI-driven vulnerability discovery becomes a permanent feature of the software landscape rather than a temporary spike, the organisations that come through it well&nbsp;won&#8217;t&nbsp;be the ones with the biggest security teams.&nbsp;They&#8217;ll&nbsp;be the ones with an operating model built to absorb the new pace of change, and a partner who already has.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.insentragroup.com\/nz\/contact\/\">Contact\u00a0Insentra<\/a>\u00a0about a managed patching assessment. Get a clear picture of your current patch posture, your exposure gaps, and what a fully managed model would look like for your\u00a0environment, before\u00a0the next wave of AI-discovered vulnerabilities lands on your desk.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Frequently Asked Questions<\/strong>&nbsp;<\/h2>\n\n\n\n<p><strong>What is Claude Mythos?&nbsp;<\/strong><\/p>\n\n\n\n<p>Claude Mythos is an Anthropic AI model, announced in preview form in April 2026, that can autonomously discover software vulnerabilities and construct working exploits for them at a level matching top human security&nbsp;researchers.&nbsp;It is not publicly available and is currently used only by select organisations through&nbsp;Anthropic&#8217;s&nbsp;Project&nbsp;Glasswing&nbsp;programme.&nbsp;<\/p>\n\n\n\n<p><strong>What is Project&nbsp;Glasswing?&nbsp;<\/strong><\/p>\n\n\n\n<p>Project&nbsp;Glasswing&nbsp;is&nbsp;Anthropic&#8217;s&nbsp;controlled early-access initiative giving&nbsp;roughly 40&nbsp;to 50 critical infrastructure and software companies, including Microsoft, AWS, Apple, Google and CrowdStrike, access to Claude Mythos to find and patch vulnerabilities in their own products before public disclosure.&nbsp;<\/p>\n\n\n\n<p><strong>What is Microsoft&#8217;s MDASH?<\/strong>&nbsp;<\/p>\n\n\n\n<p>MDASH is Microsoft&#8217;s own AI-powered &#8220;agentic scanning harness,&#8221; built separately from Claude Mythos, using more than 100 specialised AI agents to scan,&nbsp;validate&nbsp;and help remediate vulnerabilities across Windows and other Microsoft codebases.&nbsp;<\/p>\n\n\n\n<p><strong>Is Claude Mythos the same as MDASH?<\/strong>&nbsp;<\/p>\n\n\n\n<p>No. They are distinct systems built by different companies. Claude Mythos is&nbsp;Anthropic&#8217;s&nbsp;model, accessed by select partners through Project&nbsp;Glasswing. MDASH is Microsoft&#8217;s own internally developed system. Microsoft uses both.&nbsp;<\/p>\n\n\n\n<p><strong>Why are there more Windows and browser security updates than before?&nbsp;<\/strong><\/p>\n\n\n\n<p>Because AI-assisted vulnerability discovery tools like Claude Mythos and MDASH are finding far more real, exploitable bugs, including issues that have existed undiscovered for years, than traditional human-led research could uncover at the same pace. Vendors are patching what they find.&nbsp;<\/p>\n\n\n\n<p><strong>How much time do businesses have to patch after a vulnerability is&nbsp;disclosed?&nbsp;<\/strong><\/p>\n\n\n\n<p>Less than they used to. Industry research shows attackers are now exploiting some vulnerabilities an average of seven days before a patch is even released, down from a 63-day gap in 2018. Assume the buffer between disclosure and exploitation is short or already gone.&nbsp;<\/p>\n\n\n\n<p><strong>Does my business need to worry about this if&nbsp;we&#8217;re&nbsp;not a Project&nbsp;Glasswing&nbsp;partner?&nbsp;<\/strong><\/p>\n\n\n\n<p>Yes. The vulnerabilities being found affect the operating systems,&nbsp;browsers&nbsp;and open-source software that&nbsp;virtually every&nbsp;business runs, regardless of whether the organisation itself is part of the discovery programme.&nbsp;<\/p>\n\n\n\n<p><strong>Should we just patch everything as fast as possible?&nbsp;<\/strong><\/p>\n\n\n\n<p>Not indiscriminately. Security bodies including the Cloud Security Alliance recommend risk-based prioritisation, meaning patching genuinely exploitable, high-impact vulnerabilities first, rather than treating every finding as equally urgent, which can exhaust engineering capacity on lower-priority issues.&nbsp;<\/p>\n\n\n\n<p><strong>What&#8217;s&nbsp;the best way for a resource-constrained IT team to keep up?&nbsp;<\/strong><\/p>\n\n\n\n<p>A structured, continuously operating patch management process, whether built in-house or delivered through a managed service, that handles monitoring, prioritisation,&nbsp;testing&nbsp;and deployment on an ongoing basis, rather than in periodic bursts.&nbsp;<\/p>\n\n\n\n<p><strong>How does&nbsp;Insentra&#8217;s&nbsp;managed patching service help with this?&nbsp;<\/strong><\/p>\n\n\n\n<p>Insentra&nbsp;runs a dedicated team and framework that continuously monitors and risk-assesses vendor patches across servers, endpoints, Citrix,&nbsp;IGEL,&nbsp;NetScaler and Intune-managed environments, proactively notifies customers when a patch needs immediate action, and manages testing, deployment and reporting end to end under clear SLAs, so internal teams can focus on higher-value work instead of tracking advisories across multiple vendors.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI models can now find and&nbsp;weaponise&nbsp;software vulnerabilities in minutes to hours instead of weeks. Anthropic&#8217;s Claude Mythos, Microsoft&#8217;s MDASH, and the multi-vendor Project&nbsp;Glasswing&nbsp;initiative are already surfacing thousands of new CVEs across major operating systems, browsers, and open-source software. The result is more patches, released more often, with less time to react. That shift is turning&hellip; <a class=\"more-link\" href=\"https:\/\/www.insentragroup.com\/nz\/insights\/geek-speak\/secure-workplace\/ai-vulnerability-discovery-is-rewriting-patch-management\/\">Continue reading <span class=\"screen-reader-text\">AI Vulnerability Discovery Is Rewriting Patch Management\u00a0\u00a0<\/span><\/a><\/p>\n","protected":false},"author":63,"featured_media":40161,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"content-type":"","footnotes":""},"categories":[20],"tags":[],"class_list":["post-40160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-workplace","entry"],"_links":{"self":[{"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/posts\/40160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/users\/63"}],"replies":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/comments?post=40160"}],"version-history":[{"count":2,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/posts\/40160\/revisions"}],"predecessor-version":[{"id":40163,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/posts\/40160\/revisions\/40163"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/media\/40161"}],"wp:attachment":[{"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/media?parent=40160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/categories?post=40160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.insentragroup.com\/nz\/wp-json\/wp\/v2\/tags?post=40160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}