AI Didn’t Create New Vulnerabilities — It Made Old Ones Affordable

Infrastructure was never fully hardened — and for years, it didn’t need to be. Exploiting a misconfigured DNS rule or an over-permissive IAM role required real skill. That complexity was a natural filter. AI removed it. This week, researchers broke out of AWS Bedrock’s “isolated” sandbox using DNS tunneling and escaped Snowflake’s coding agent via process substitution — techniques that once required deep infrastructure expertise. Check Point documented a single developer building 88,000 lines of deployment-ready malware in a week using an AI IDE. The vulnerability surface didn’t change — but the population that can exploit it expanded by orders of magnitude. Every misconfiguration, every “we’ll fix it next quarter” is now in play — because the cost to exploit it dropped to near zero. The vulnerability backlog didn’t grow. The exploitation clock just got 100x faster.