It’s no surprise that AI has altered the technology landscape and added more complexity for IT teams. And when it comes to vulnerability management and patching, scheduled security is now outpaced by AI-detected vulnerabilities. This new complexity means our traditional, time-bound routines have become a liability—creating a lag time between threat discovery, containment, and remediation.

Anthropic’s recent Project Glasswing update proves what security teams have known for a while: The traditional patch cycle simply doesn't work when exposures are discovered at machine speed. Anthropic stated its Claude Mythos Preview model discovered over 10,000 high- or critical-severity vulnerabilities across major enterprise software in just weeks.

While AI has made identifying vulnerabilities near-instantaneous, finding them is only half the battle. The true challenge for IT leaders lies in the operational delay that follows—the critical gap between discovering a threat and enforcing the necessary containment or remediation before it can be exploited.

The real risk: Time between discovery and enforcement

Automating a deployment script misses the real operational bottleneck. In a hybrid environment, safely deploying a patch or rolling out a new build takes time: it requires testing, change approvals, and staged maintenance windows to protect and coordinate system uptime.

The delay between discovering vulnerabilities and addressing them becomes the risk. Relying on scheduled, periodic cycles creates three clear issues:

  • The exposure window: Even mature pipelines require hours or days to test and deploy a fix safely. Attackers exploit this exact window, moving minutes after a vulnerability goes public.
  • Predictable routines: Security postures that are only checked on a rigid schedule become highly predictable and create a false sense of security. Malicious actors use automated bots and tooling to scan for vulnerabilities; they don't wait for schedules or routines.
  • Human-gated delays: While final deployments can be automated, the surrounding governance, such as architectural sign-offs and compliance reviews, remains human-bound, leaving exposures open at runtime.

Defending against automated threats means teams cannot leave systems exposed while waiting for a complete development cycle. 

Shrinking the containment window from days to minutes

To defend against machine-speed threats, organizations must shift away from waiting on the next scheduled maintenance window. Security enforcement needs to become an active, real-time response that contains threats the moment they are detected.

By automating these immediate containment steps, teams can shrink a typical multi-day or multi-week remediation cycle down to a near-instantaneous automated response. This doesn't replace the thorough testing required for a permanent software patch or an immutable build; rather, it safely buys the enterprise the time it needs to deploy those permanent fixes without leaving systems wide open to exploitation.

This is where Event-Driven Ansible, included in Red Hat Ansible Automation Platform, changes the operational dynamic. Instead of relying on a human engineer to manually triage a ticket and log into a console, Event-Driven Ansible acts as an automated circuit breaker. When a high-signal security tool identifies a critical exposure, Event-Driven Ansible can instantly trigger targeted, pre-approved playbooks to isolate the affected asset, tweak a security group, or temporarily revoke a compromised credential, supported with human-in-the-loop approval steps for higher-risk actions.
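
The circuit-breaker pattern described above, written as an Event-Driven Ansible rulebook. This is an added example, not code from the original post or from Red Hat; the webhook payload fields, the job and workflow template names, the organization, and the WEBHOOK_TOKEN variable are assumptions.

```yaml
---
# Added example rulebook. The payload fields (severity, environment, asset,
# finding_id), the template names and WEBHOOK_TOKEN are assumptions.
- name: Contain critical exposures reported by a security tool
  hosts: all
  sources:
    - ansible.eda.webhook:
        host: 0.0.0.0
        port: 5000
        # Reject posts that do not carry the shared bearer token.
        token: "{{ WEBHOOK_TOKEN }}"
  rules:
    # Lower-risk case: isolate at once with a pre-approved job template.
    - name: Isolate non-production asset on critical finding
      condition: event.payload.severity == "critical" and event.payload.environment != "production"
      action:
        run_job_template:
          name: "Contain - isolate host"
          organization: "Default"
          job_args:
            extra_vars:
              target_host: "{{ event.payload.asset }}"
              finding_id: "{{ event.payload.finding_id }}"

    # Higher-risk case: same containment, launched as a workflow whose
    # first node is an approval step in automation controller.
    # The two conditions are mutually exclusive, so one event fires one rule.
    - name: Request approval before isolating production asset
      condition: event.payload.severity == "critical" and event.payload.environment == "production"
      action:
        run_workflow_template:
          name: "Contain - isolate host (with approval)"
          organization: "Default"
          job_args:
            extra_vars:
              target_host: "{{ event.payload.asset }}"
              finding_id: "{{ event.payload.finding_id }}"
```

Findings below critical severity match neither rule and stay on the normal patch cycle.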

Protecting uptime and restoring baselines

The next step in this evolution is combining event-driven execution with AI intelligence. Shifting to an orchestration model delivers operational benefits that go far beyond basic vulnerability patching:

  • Continuous compliance: Security baselines are enforced continuously at runtime. This turns compliance from a stressful, point-in-time audit into a natural byproduct of daily operations.
  • Uptime-aware remediation: The platform monitors system health during execution. If a containment action or configuration change disrupts production, the system can automatically roll back to protect uptime while instantly elevating the alert to SecOps. This human-in-the-loop guardrail allows engineers to step in and deploy alternative mitigations, such as tightening perimeter security or modifying firewall rules, rather than leaving an exposure unprotected.
  • Breaking the exploit chain: Automated orchestration can continuously correct things such as configuration errors and drift. But what about watching for things you don’t know about? Attackers will use whatever lateral pathways they need to move through your network, in unknown or unpredictable ways. The recently announced automation orchestrator is designed to turn isolated automated responses into a continuous, guarded security loop that handles both software flaws and configuration issues. The resulting workflows combine contextual analysis and human-in-the-loop governance to execute and scale across fleets.

The bottom line

AI is making vulnerability management more complex. IT operations leaders must use automation to evolve from time-bound routines to continuous, event-driven results. Minimizing the lag time between threat discovery and containment allows teams to reduce risks in minutes and restore systems to a secure baseline more efficiently.


About the author

Richard is responsible for the Ansible Automation Platform strategy. He has more than 16 years of experience in Financial Services IT across a range of operational, design and architecture roles. Having been an Ansible customer before joining the Red Hat team, he brings a customer-focused viewpoint to complement the strong engineering capabilities of one of the most popular open source projects.
