Cisco's AI-Driven Vulnerability Disclosure: New Risk Approach

Cisco is changing how it discloses vulnerabilities, moving to a risk-based approach for the AI era. Security teams often face long lists of issues and limited time to fix them. Cisco believes AI will accelerate vulnerability discovery, adding more pressure. What's new is that Cisco will prioritize issues already being exploited or those more likely to be used in attacks. Detailed disclosures will continue for critical findings. However, some lower-risk issues found internally might no longer get standalone advisories. Instead, Cisco plans to provide higher-level information about software releases with security patches, directing customers to updated versions. Cisco's VP of Information Security, Russ Smoak, says the company is using advanced AI models to find and fix vulnerabilities faster than before. But he also warns that adversaries will use these same AI tools, making cybersecurity more complex. This new approach aims to help the industry manage the expected increase in vulnerability volume.