Artificial intelligence is dramatically accelerating cyber attacks, reducing the time needed to find and exploit software vulnerabilities from days to just hours – and potentially minutes. Dutch cybersecurity officials are sounding the alarm as cheap AI tools make sophisticated hacking accessible to almost anyone.
The warning comes as governments and organizations worldwide grapple with securing their digital infrastructure against an evolving threat landscape where traditional security timelines no longer apply.
Researcher Rogier Fischer from cybersecurity company Hadrian demonstrated the alarming reality to NOS, showing how a low-cost OpenAI model could analyze government website code, identify security flaws, and access restricted data. Fischer successfully downloaded a protected file and accessed a database – all for around 10 euros. “There is nothing that stopped me,” Fischer said, explaining that the access provided full system control. He stopped the test after proving the vulnerability existed.
This represents a fundamental shift in cybersecurity dynamics. What once required days of skilled manual analysis can now be accomplished in hours by AI systems that don’t tire and can work continuously. The implications extend far beyond individual attacks – these tools can scan for vulnerabilities at massive scale.
Supporting this concern, cybersecurity firm AISLE reported finding more than 200 software flaws since September using multiple AI models. Co-founder Jaya Baloo noted that even older, inexpensive AI tools could replicate results previously attributed to more exclusive systems.
“Companies and organizations must be able to respond rapidly,” Matthijs van Amelsfort, director of the National Cyber Security Center (NCSC), told NOS. “In the past, it took days before an attacker exploited a bug. Now it is hours. That will become minutes.”
The speed advantage isn’t the only concern. AI systems can automatically discover serious flaws that have existed undetected for years, including vulnerabilities in legacy systems that organizations may have forgotten about. This creates a double threat: faster exploitation of known weaknesses and discovery of previously hidden ones.
AISLE’s research revealed another troubling trend – the democratization of advanced hacking capabilities. “There was a narrative that AI suddenly became very good at finding vulnerabilities,” Baloo explained. “But we have been doing this for months with older systems.” This suggests that sophisticated attack capabilities are already widely available, not limited to cutting-edge AI models.
While cybersecurity experts believe defenders still maintain an advantage, that gap appears to be shrinking rapidly. The challenge is particularly acute for organizations running older systems with accumulated technical debt and unpatched vulnerabilities.
Key factors making the situation urgent include:
- AI tools can work continuously without human fatigue
- Low costs make advanced hacking accessible to more threat actors
- Legacy systems contain decades-old vulnerabilities now discoverable by AI
- Attack timelines have compressed from days to hours
Dimitri van Zantvliet of the CISO Platform characterized the situation as urgent but not panic-inducing, emphasizing that organizations must accelerate their vulnerability management processes. The traditional approach of patching systems over weeks or months is no longer viable when attacks can be executed in hours.
Historical patterns suggest the threat will intensify quickly. Van Amelsfort noted that attackers typically adopt new technologies within months of their availability, meaning AI-driven hacking could soon become widespread rather than experimental.
The Netherlands faces particular exposure due to its highly digitized infrastructure and government services. “The Netherlands is highly digital,” van Amelsfort said. “That also makes us vulnerable. Attackers and defenders will remain in a constant battle. We must ensure our defenses are in order.”
This development forces a rethinking of cybersecurity strategies across sectors. Organizations can no longer rely on obscurity or the assumption that finding vulnerabilities requires significant time and expertise. The new reality demands faster patch deployment, more aggressive vulnerability scanning, and security architectures designed to contain breaches rather than just prevent them.