AI has collapsed the cost of exploitation, with threat actors using agentic AI to speed up reconnaissance, vulnerability discovery, exploit development and operations. The piece notes that automation turns a vulnerability backlog into a weapon, and that moving from discovery to exploitation can now happen far faster than before; one example cites a backlog of 13,000 Highs in production.
It argues that boards must engage with real risk reporting, citing Delaware’s Caremark line of cases and urging reporting systems that surface consequential risk and active board oversight. The author also calls for concrete questions for boards and CISOs, including end-to-end vulnerability management, current counts of Criticals and Highs, remediation timelines, and the financial cost of the backlog.
It warns that simply patching faster is not a complete answer and highlights regulatory shifts such as the EU’s Cyber Resilience Act taking effect in December 2027 and the Digital Operational Resilience Act in financial services. According to Chainguard.