When Discovery Outpaces Remediation: Modeling AI-Accelerated Vulnerability Discovery in Interconnected Systems
For enterprise security teams, this work provides a theoretical framework to understand and mitigate risks from AI-driven vulnerability discovery, though it is an incremental extension of queueing and network models.
The paper models AI-accelerated vulnerability discovery in interconnected systems, showing that when discovery outpaces remediation, backlogs grow rapidly and systemic risk increases nonlinearly. Segmentation in hub-dominated topologies reduces propagated compromise more effectively than remediation speed alone, with the strongest defense combining automation and reduced coupling.
Advanced AI systems for code analysis, binary analysis, fuzzing orchestration, and penetration-test planning may significantly increase the rate at which latent vulnerabilities are discovered. While improved discovery can benefit defenders, it can also overload remediation pipelines and accelerate adversarial weaponization. This paper develops a queueing and network-theoretic model of AI-accelerated vulnerability discovery in interconnected systems. We represent an enterprise as a weighted dependency graph with replenishing vulnerability pools, finite remediation capacity, triage degradation, exploit window compression, and dynamic compromise propagation. We derive stability conditions for vulnerability backlogs, formulate a dynamic coupling between unresolved backlog and cascade risk, and evaluate mitigation strategies through simulation. Results indicate that when actionable discovery arrivals exceed remediation throughput, backlogs grow rapidly and systemic risk increases nonlinearly. In hub-dominated topologies, segmentation can reduce propagated compromise more effectively than remediation speed alone, while the strongest defense combines remediation automation with reduced network coupling.
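The backlog and cascade coupling described in the abstract can be explored with a small deterministic simulation. This is an added illustration, not the paper's model or code: the throughput degradation form, the exposure function 1 - exp(-beta * backlog), the mean-field propagation update, and all parameter values are assumptions chosen for the sketch.

```python
import math

def simulate_backlog(arrival, capacity, steps, degrade=0.0):
    """Fluid backlog of unresolved findings; throughput shrinks as triage load grows."""
    backlog, history = 0.0, []
    for _ in range(steps):
        throughput = capacity / (1.0 + degrade * backlog)  # assumed degradation form
        backlog = max(0.0, backlog + arrival - throughput)
        history.append(backlog)
    return history

def star_graph(leaves, weight):
    """Hub-dominated topology: node 0 is the hub, edges are symmetric couplings."""
    edges = {}
    for leaf in range(1, leaves + 1):
        edges[(0, leaf)] = edges[(leaf, 0)] = weight
    return leaves + 1, edges

def expected_compromise(n, edges, backlog, beta, steps, scale=1.0):
    """Mean-field cascade: expected number of compromised nodes after `steps` rounds.
    Per-node exposure is 1 - exp(-beta * backlog) (assumed); scale < 1 models segmentation."""
    p = [1.0 - math.exp(-beta * backlog)] * n
    for _ in range(steps):
        survive = [1.0 - x for x in p]
        for (src, dst), w in edges.items():
            survive[dst] *= 1.0 - scale * w * p[src]  # uses previous round's p
        p = [1.0 - s for s in survive]
    return sum(p)

if __name__ == "__main__":
    n, edges = star_graph(20, 0.3)  # constructed 21-node hub-and-spoke network
    for arrival in (8, 10, 12, 14):
        backlog = simulate_backlog(arrival, capacity=10, steps=50, degrade=0.01)[-1]
        open_risk = expected_compromise(n, edges, backlog, beta=0.001, steps=3)
        seg_risk = expected_compromise(n, edges, backlog, beta=0.001, steps=3, scale=0.25)
        print(f"arrival={arrival:>2} backlog={backlog:7.1f} "
              f"open={open_risk:5.2f} segmented={seg_risk:5.2f}")
```

Running it prints one row per arrival rate, so the change in backlog and expected compromise as arrivals cross remediation capacity can be compared with and without the reduced coupling.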