Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI
Cisco’s Risk-Based Vulnerability Disclosure in the Age of AI
https://blogs.cisco.com/security/ciscos-risk-based-vulnerability-disclosure-in-the-age-of-ai
Publish Date: 2026-05-22 12:17:00
Source Domain: blogs.cisco.com
As the cybersecurity landscape rapidly evolves, driven by groundbreaking advancements in artificial intelligence (AI), Cisco is adapting its vulnerability disclosure practices to meet the challenges and opportunities presented by these technologies. Notably, the recent introduction of frontier models with advanced cybersecurity reasoning capabilities is transforming how vulnerabilities are discovered, analyzed, and mitigated. These AI capabilities enable unprecedented speed and scale in identifying security issues, while also allowing network defenders to continuously evolve to address emerging threats. Cisco recognizes that network infrastructure is critical, and demands for availability are unrelenting. The AI evolution puts pressure on defenders to absorb and deploy software at a greater pace.
Harnessing AI to Enhance Cybersecurity
Cisco is actively leveraging advanced AI Models to accelerate finding vulnerabilities and driving remediation. Deploying these models into our security processes allows us to find and fix vulnerabilities at a pace previously unattainable. At the same time, we recognize that adversaries will also take advantage of these evolving AI capabilities, increasing the urgency and complexity of cybersecurity defense. We prioritize cutting edge technologies and research to continuously evolve our tools, techniques, and processes by incorporating capabilities such as: AI-augmented scenarios into red teaming exercises, and deep security evaluations of our products against the sophisticated tactics enabled by these models.
Prioritizing Risk to Empower Customers
Cisco has a long history of disclosing vulnerabilities. Our public facing Security Vulnerability Policy (SVP) describes our process in detail including how to report and receive vulnerability information. We continue to adjust our practices within the goals of our overall policy: security, transparency, trust.
Cisco is evolving our risk-based vulnerability disclosure model. This…
