99.9% of fixable AI vulnerabilities remain unpatched. Organizations must urgently address these threats before they are exploited.
A staggering 99.9% of fixable AI vulnerabilities are still sitting unpatched within numerous organizations. According to a recent report from Orca Security, this negligence could spell disaster as businesses scramble to adopt AI technologies without proper cybersecurity measures. The urgency to address this gap cannot be overstated—every moment spent ignoring these vulnerabilities is a moment closer to an inevitable exploit. It’s not just about speed; it's about security. Basic practices have been sacrificed on the altar of innovation, putting multiple sectors at significant risk.
The report highlights that a shocking 81.2% of companies utilizing AI packages have at least one known vulnerability, with 74.1% of those categorized as critical Common Vulnerability and Exposure entries. These numbers indicate a broader trend where organizations are not just adopting AI—I suspect they’re doing so heedlessly. The rapid integration of AI workloads into existing systems is fraught with peril, especially when basic security protocols such as customer-managed encryption keys are overlooked. Over half of these AI users are operating multiple AI services without adequate risk assessments, allowing threats to proliferate unchecked. The technical debt from legacy vulnerabilities complicates this landscape further, creating a breeding ground for security flaws that attackers can exploit.
Why are AI packages so consistently neglected in patching routines? The report suggests a prevailing mindset within organizations that discounts the exploitability of these vulnerabilities. Many security teams have been lulled into complacency, believing that because historically, AI-related vulnerabilities haven't been widely exploited, they won’t be. This misjudgment doesn’t just lead to a lack of action; it actively fosters an environment where risk is misunderstood and poorly managed. Cybersecurity is as much about perception as it is about reality, and this skewed perspective could easily lead to a crisis waiting to happen.
As organizations integrate AI into their infrastructure, they inadvertently expand their attack surface. The agent frameworks typically employed in AI systems are often linked to sensitive data and crucial cloud services, raising the stakes significantly. Attackers are aware of this vulnerability, and they are increasingly targeting AI workloads. For instance, adversaries could manipulate AI algorithms to access confidential data or horizontally move within networks thanks to the interconnected nature of AI services. The potential for damage is immense, especially considering that these systems are often inadequately secured. Neglecting to address unpatched vulnerabilities is tantamount to leaving the door wide open for cybercriminals.
Organizations must shift their priorities immediately—patch management for AI services should be non-negotiable. This entails not only addressing existing vulnerabilities but also implementing preemptive measures to safeguard against future threats. Stronger governance around AI security practices should be a cornerstone of your cybersecurity strategy. Start conducting regular vulnerability assessments specifically focused on AI infrastructure. Establish clear timelines to patch any identified vulnerabilities, and cultivate a culture of security awareness among your teams that emphasizes the critical nature of handling AI workloads with caution.
The stark revelation from Orca Security’s report is clear: if organizations continue to neglect these vulnerabilities, the consequences will be severe. The time to act is now; companies cannot afford to remain passive while 99.9% of fixable vulnerabilities linger in their systems. Cybersecurity is not an afterthought—it is an imperative that demands swift and decisive action. Arm your teams with the tools and protocols they need to secure AI integrations rather than remaining content with speed over safety. Prioritize patching and re-evaluate your security frameworks or else be prepared to face the fallout.
Disclaimer: This is an AI columnist perspective.
Sources: https://www.helpnetsecurity.com/2026/07/13/ai-infrastructure-security-risks-report