The patch window has closed. Here is how F5 is built for what comes next.

Industry Trends | April 27, 2026

There is a line of code inside FFmpeg that automated fuzzers have hit roughly five million times. A 16-year-old bug sat in that line, unobserved. Nothing flagged it. Then Anthropic pointed its new Claude Mythos Preview model at the codebase, and the model read the code, reasoned about what it was trying to do, and found the flaw. It also found thousands of other previously unknown vulnerabilities across every major operating system and every major browser. One in OpenBSD had been there for 27 years. OpenAI and others are building equivalent capabilities.

This is not a single-vendor moment.

It is the moment the physics of software security changed.

The math that matters

Sergej Epp's Zero Day Clock, built on 3,515 CVE-exploit pairs from CISA KEV, VulnCheck KEV, and XDB, tells the story in four numbers:

  1. In 2018, the median time from vulnerability disclosure to first observed exploit was 771 days. Organizations had over two years to patch.
  2. By 2023, that window was 6 days.
  3. By 2024, it was 4 hours.
  4. In 2025, many exploited vulnerabilities were weaponized before they were publicly disclosed.

Meanwhile, the average organization still takes 20 days to test and deploy a patch. Most can only remediate around 10% of new vulnerabilities per month. You cannot close that gap with faster patching. Not quarterly. Not monthly. Not even, realistically, weekly.

That math does not math.

Why AI tips the game toward offense

There is a deeper reason AI accelerates offense faster than defense, and every security leader should understand it.

Offense has the cheapest verifier in cybersecurity. Did the exploit succeed? The answer is binary and instant. You popped the shell, or you did not. Machine learning compounds on that kind of signal.

Defense has the opposite problem. Is this alert real? Is this system secure? The feedback is ambiguous, slow, and expensive. Noisy signal, broken loop. AI works better on the side with the clean verifier, which is why AI-assisted exploitation has industrialized faster than AI-assisted defense.

This is the structural truth underneath the Mythos numbers. Anthropic did not build a weapon. A general-purpose frontier model simply got good enough at reading code to swing the verification asymmetry even further toward attackers.

Every lab building frontier models will cross this threshold, and based on where the capability curves sit today, my forecast (speculation, but the planning assumption I am operating under) is that open-source models with Mythos-class code-reasoning capabilities will exist within 12 months—models that anyone with a GPU can run locally and unsupervised.

What has to change

That is the timeline every software vendor and every enterprise security team should be organizing around. So, what has to change?

The way we test code: Static analysis and periodic pen tests were built for a world where vulnerability discovery was slow and expensive. That world is gone. Testing must become continuous, AI-driven, and reasoning-based: models that trace execution paths, chain flows, and find the exploit chain, not just the isolated bug. Pattern matching is table stakes. Reasoning is the bar.

The way we develop code: Security cannot remain a gate at the end of the pipeline. It must move into the act of writing, with AI-assisted tooling flagging risky constructs before they are committed.

The way we distribute code: Disclosure timelines, update cadences, and fleet management practices were all calibrated to a slower clock. Every software vendor needs to honestly ask whether its current processes survive in a world where the exploit precedes the advisory.

That applies to code we have not yet shipped. The equally hard question is what we do about code that is already in production. This is where the real shift happens. It is also where F5 is built to lead.

The runtime is the answer

When the patch window closes, the traffic path remains. That is not a fallback. In the new math, it is the primary control.

Runtime protection inverts the verification asymmetry. Instead of asking whether a hypothetical flaw exists somewhere in a codebase, the runtime observes what an application does and intervenes when behavior diverges from what is intended. The signal is concrete. The feedback is clean. An attacker can find a thousand zero-days in your code, but if the exploit cannot traverse the data path, the bug does not become a breach.
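To make the runtime idea concrete, here is an added example (not F5 code, and not how any F5 product implements policy) of a positive security model: the policy describes what the application is intended to do, and any request that diverges is blocked without needing to know which bug it would have reached. The endpoint names, parameter rules, and sample requests are all constructed for the illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

# Hypothetical allowlist policy for a small API: only behaviour the application
# is intended to support is described; everything else is a divergence.
@dataclass
class ParamRule:
    pattern: str          # the whole value must match this regex
    max_len: int = 64     # hard cap, checked before the regex runs

@dataclass
class EndpointRule:
    method: str
    path: str
    params: Dict[str, ParamRule] = field(default_factory=dict)
    required: Tuple[str, ...] = ()

# Constructed policy: two intended endpoints, nothing else.
POLICY = {
    ("GET", "/api/orders"): EndpointRule(
        "GET", "/api/orders",
        params={"id": ParamRule(r"[0-9]{1,10}", max_len=10)},
        required=("id",),
    ),
    ("POST", "/api/orders"): EndpointRule(
        "POST", "/api/orders",
        params={
            "sku": ParamRule(r"[A-Z]{3}-[0-9]{4}", max_len=8),
            "qty": ParamRule(r"[1-9][0-9]{0,2}", max_len=3),
        },
        required=("sku", "qty"),
    ),
}

def evaluate(method: str, path: str, params: Dict[str, str]) -> Optional[str]:
    """Return None when the request matches intended behaviour, otherwise a
    short reason describing the divergence that caused the block."""
    rule = POLICY.get((method.upper(), path))
    if rule is None:
        return f"no intended behaviour for {method} {path}"
    for name in rule.required:
        if name not in params:
            return f"missing required parameter {name}"
    for name, value in params.items():
        prule = rule.params.get(name)
        if prule is None:
            return f"unexpected parameter {name}"
        if len(value) > prule.max_len:
            return f"parameter {name} exceeds {prule.max_len} bytes"
        if not re.fullmatch(prule.pattern, value):
            return f"parameter {name} does not match intended format"
    return None

# Constructed sample traffic: one legitimate request and several divergences.
SAMPLE_REQUESTS = [
    ("GET", "/api/orders", {"id": "12345"}),
    ("GET", "/api/orders", {"id": "1 OR 1=1"}),
    ("GET", "/api/orders", {"id": "1", "debug": "1"}),
    ("POST", "/api/admin", {}),
    ("POST", "/api/orders", {"sku": "ABC-1234", "qty": "2"}),
]

def run_samples():
    """Evaluate the constructed traffic; returns (allowed_count, blocked_count)."""
    allowed = blocked = 0
    for method, path, params in SAMPLE_REQUESTS:
        reason = evaluate(method, path, params)
        if reason is None:
            allowed += 1
        else:
            blocked += 1
        print(f"{method} {path} {params} -> {'ALLOW' if reason is None else 'BLOCK: ' + reason}")
    return allowed, blocked

if __name__ == "__main__":
    run_samples()
```

The point of the design is the one the paragraph makes: the policy never names a vulnerability. A request carrying an unexpected parameter or a malformed value is blocked because it diverges from intended behaviour, which holds whether the flaw it would have reached is a known CVE or a zero-day nobody has disclosed yet.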

F5 has lived in the data path for 30 years. F5 BIG-IP, F5 NGINX, and F5 Distributed Cloud Services—the F5 Application Delivery and Security Platform—were built for exactly this layer. The architectural decision we made, that the application is defended where traffic flows, is the one that matters most in an era when code cannot be patched fast enough. Everything we are now doing in AI traffic management and runtime security extends that same decision into the workloads customers are building today.

What we are doing with our own code

We are also doing the work on the other side of the equation. We run frontier AI models against our own codebase as part of our operational practice.

The models read source directly, trace risky flows across modules and languages, and reason over real implementation details. A second verification pass separates signal from noise. Findings are classified with CWE mappings, severity ratings, file and line references, and exploitability context, and they route directly into prioritized remediation.

The goal is not to find isolated bugs. It is to uncover exploit chains, prioritize what matters, and turn findings into hardened code. Each cycle builds a knowledge base that makes the next one faster and more precise. As frontier models get sharper, our use of them sharpens with them. Our codebase will always be tested against the best tools and models that exist, because that is exactly what adversaries will use.
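The two paragraphs above describe a pipeline: a verification pass that drops noise, findings carrying CWE, severity, and file:line references, and prioritization around exploit chains rather than isolated bugs. The following is an added illustration of that last step, not F5's tooling: it keeps only verified findings, walks data-flow edges from entry-point findings to discover which bugs untrusted input can actually reach, and ranks reachable chains above isolated ones. The findings, file names, flow edges, and the discount factor are all constructed for the example; severities use a CVSS-like 0-10 scale.

```python
from collections import deque
from typing import Dict, List, Tuple

# Constructed findings, shaped like a scanner might emit them (hypothetical files and lines).
# "entry" marks a finding that sits where untrusted input first enters the program.
FINDINGS = [
    {"id": "F1", "file": "net/http_parse.c", "line": 210, "cwe": "CWE-20",
     "severity": 4.0, "verified": True, "entry": True},
    {"id": "F2", "file": "util/buf.c", "line": 88, "cwe": "CWE-787",
     "severity": 9.0, "verified": True, "entry": False},
    {"id": "F3", "file": "cli/debug.c", "line": 40, "cwe": "CWE-787",
     "severity": 9.0, "verified": True, "entry": False},
    {"id": "F4", "file": "net/tls.c", "line": 501, "cwe": "CWE-476",
     "severity": 5.5, "verified": False, "entry": True},
]

# Constructed data-flow edges: tainted data from the first finding reaches the second.
FLOWS: List[Tuple[str, str]] = [("F1", "F2")]

# Assumption: a bug that no untrusted input reaches is still worth fixing,
# but ranks well below one that completes a chain from an entry point.
UNREACHABLE_DISCOUNT = 0.3

def verified_findings(findings) -> Dict[str, dict]:
    """The 'second verification pass': keep only findings that survived it."""
    return {f["id"]: f for f in findings if f["verified"]}

def chains_from_entry(findings: Dict[str, dict], flows) -> Dict[str, List[str]]:
    """Breadth-first search from entry-point findings along data-flow edges.
    Returns finding id -> the chain of finding ids that leads there from an entry."""
    adjacency: Dict[str, List[str]] = {}
    for src, dst in flows:
        if src in findings and dst in findings:      # ignore edges to dropped findings
            adjacency.setdefault(src, []).append(dst)
    paths: Dict[str, List[str]] = {}
    queue = deque()
    for fid, f in findings.items():
        if f["entry"]:
            paths[fid] = [fid]
            queue.append(fid)
    while queue:
        current = queue.popleft()
        for nxt in adjacency.get(current, []):
            if nxt not in paths:                     # first discovery gives the shortest chain
                paths[nxt] = paths[current] + [nxt]
                queue.append(nxt)
    return paths

def prioritize(findings=FINDINGS, flows=FLOWS) -> List[dict]:
    """Rank verified findings: severity, scaled down when no entry point reaches them."""
    fs = verified_findings(findings)
    paths = chains_from_entry(fs, flows)
    ranked = []
    for fid, f in fs.items():
        reachable = fid in paths
        score = f["severity"] * (1.0 if reachable else UNREACHABLE_DISCOUNT)
        ranked.append({
            "id": fid,
            "score": round(score, 2),
            "chain": paths.get(fid, []),
            "cwe": f["cwe"],
            "ref": f"{f['file']}:{f['line']}",
        })
    ranked.sort(key=lambda r: (-r["score"], r["id"]))
    return ranked

if __name__ == "__main__":
    for row in prioritize():
        chain = " -> ".join(row["chain"]) or "(no chain from an entry point)"
        print(f"{row['id']} {row['score']:>5} {row['cwe']:<8} {row['ref']:<22} {chain}")
```

In the constructed data the two CWE-787 findings have identical severity, but only the one reachable from the HTTP parser ranks at the top, because the chain F1 -> F2 is what an attacker could actually traverse; the unverified TLS finding never reaches the queue at all.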

The cost, and who pays it

I want to be direct about what this means for customers.

More vulnerabilities disclosed is not a sign of weaker software. It is a sign of stronger processes. Every flaw we find and fix before an attacker does is one fewer exposure in production. But every fix is also a patch someone must deploy. The people running BIG-IP in production will see more patches, and update cycles that used to run quarterly cannot stay that way. We are investing in F5 Insight and fleet management to compress the full loop: We find it, fix it, validate it, and you deploy it. And where deployment takes time, the traffic path keeps the application protected while the code catches up.

That last clause is the whole compressed argument:

  1. Find faster than attackers can exploit.
  2. Fix faster than exploits can be weaponized.
  3. Protect at runtime while the code catches up.

The three disciplines only work together. None of them works alone.

The new normal

This is how software security operates from here on out. Not a campaign, not a reaction to a single model release. The patch window closed and will not reopen.

Some companies will treat this as a moment to weather. Only those companies that accept this as the new normal and continuously rebuild around it at the code and traffic layers will thrive.

F5 is building for the new normal. So are our customers. We will do this important work together.


About the Author

Kunal Anand, Chief Product Officer | F5

Kunal Anand leads the F5 product organization as Chief Product Officer. Responsible for product vision, strategy, and execution, he ensures development of breakthrough solutions that solve critical challenges and create exceptional experiences for customers. In his previous role as Chief Technology and AI Officer, Kunal charted the company’s technology and AI strategy and vision. Prior to F5, Kunal held the dual role of Chief Technology Officer and Chief Information Security Officer at Imperva. His journey to Imperva began in 2018 with the acquisition of Prevoty, an application security startup he co-founded in 2013. Before joining Prevoty, he was the Director of Technology at BBC Worldwide. Kunal has a deep history of innovation and technical expertise, and has held roles leading security, data, technology, and engineering teams at Gravity, MySpace, and the NASA Jet Propulsion Lab. Kunal has over 15 years of experience in AI and machine learning, ranging from model training, employing AI-driven algorithms to enhance products, and designing and implementing AI architectures. Kunal holds a Bachelor of Science degree in computer science from Babson College.
