cd /news/ai-safety/99-9-of-ai-vulnerabilities-are-fixab… · home topics ai-safety article
[ARTICLE · art-58083] src=byteiota.com ↗ pub= topic=ai-safety verified=true sentiment=↓ negative

99.9% of AI Vulnerabilities Are Fixable. No One Is Fixing Them.

Orca Security's 2026 State of AI Security Report reveals that 99.9% of fixable AI vulnerabilities remain unpatched across over 1,200 production cloud environments, with 50% of AI package vulnerabilities now having publicly available exploits—a 250-fold increase since 2024. Nearly 30% of AI adopters store credentials insecurely, and 56% have deployed AI agent frameworks into production without adequate security review, leading to documented remote code execution and shell injection vulnerabilities.

read4 min views1 publishedJul 13, 2026
99.9% of AI Vulnerabilities Are Fixable. No One Is Fixing Them.
Image: Byteiota (auto-discovered)

Orca Security published its 2026 State of AI Security Report today, and one number stands out: 99.9% of fixable AI vulnerabilities remain unpatched across 1,200+ production cloud environments. Not theoretical vulnerabilities. Not zero-days. Fixable ones — the kind where the patch exists, the CVE is published, and no one ran the update.

If your team is shipping AI to production, this report is about your stack.

The Exploit Gap Closed Quietly #

Here is what changed between 2024 and now. Two years ago, most AI CVEs were theoretical. Security teams deprioritized patching because exploits were rare and proof-of-concept code mostly stayed in research papers. That reasoning is no longer valid.

Orca found that 50% of AI package vulnerabilities now have a publicly available exploit — a 250-fold increase since 2024. Half of everything in your AI dependency tree with a known CVE can be weaponized today, using code someone already published. Meanwhile, 81.2% of organizations running AI packages have at least one known vulnerability, 74.1% have a critical CVE, and patching rates are effectively zero.

The risk calculus changed. Patching habits did not.

Part of this is structural. AI dependency trees — transformers, LangChain, OpenAI SDK, LlamaIndex, PyTorch, vLLM — update on weekly or daily cadences, frequently with breaking changes in minor versions. Security teams built their processes around quarterly patch cycles for stable software. That model does not apply to AI packages, and most teams have not rebuilt the process.

Your Credentials Are Probably Leaking #

The vulnerability problem gets worse when you factor in credential exposure. Orca found that nearly 30% of AI adopters store at least one AI key in an insecure location. Hardcoded into config files, committed to repositories, sitting in unencrypted environment files.

This is not surprising if you know how AI projects actually ship. A developer spins up a prototype with an API key in a .env

file. The prototype becomes production faster than anyone planned. The .env

file ends up in version control because the .gitignore

was added later. By GitGuardian’s count, 29 million secrets leaked in 2025, and AI credentials led the category.

Agent orchestration frameworks — the libraries that wire LLMs to tools and APIs — roughly doubled their credential leak rates. Voice AI platforms showed nearly 800% growth in credential exposure. These numbers reflect how quickly new AI infrastructure is being deployed without the security review that traditional infrastructure gets by default.

Agents Are in Production Without Security Parity #

Fifty-six percent of organizations have deployed AI agent frameworks into production. That sounds like a success story. The catch is what those agents can access: codebases, terminals, environment variables, and credentials. Standard agent configurations hand LLMs capabilities that would trigger an immediate security review if a human employee requested them.

The consequences are documented. Microsoft’s “Prompts become shells” disclosure in May 2026 identified remote code execution paths in three major agent frameworks. GuardFall research found shell injection vulnerabilities in 10 of 11 AI coding agents tested. AI code reviewers are being hijacked to run malware through prompt injection in normal repository files. Langflow CVE-2026-33017 became the first AI agent vulnerability in CISA’s Known Exploited Vulnerabilities catalog.

88% of organizations reported confirmed or suspected AI agent security incidents in 2026, according to an enterprise security survey. This is not a future risk.

What to Do #

The Orca report recommends treating AI as production infrastructure and extending existing security practices across the AI lifecycle. In practice, that means:

Patch AI dependencies on a weekly cadence. Quarterly cycles do not match the update velocity of AI packages. Automate with Dependabot or Renovate configured for AI-specific packages.Rotate any AI key that has ever touched a repository. If it was in a.env

file that was committed at any point, assume it is compromised. Move to a secrets manager (Vault, AWS Secrets Manager, GCP Secret Manager).Apply least-privilege to agents. Audit what your agent frameworks can actually access. They do not need root. They do not need the full repository. Scope tool permissions explicitly.Audit your vector database configuration. Sixty-four percent of AI adopters use vector databases; most were deployed quickly. Check encryption at rest, RBAC settings, and tenant isolation.Enable audit logging for AI API calls. If you do not know what your agents are calling and when, you cannot detect when something goes wrong.

The full Orca findings cover additional areas including encryption gaps and governance posture. The complete report is available from Orca Security directly.

The 99.9% number is not an indictment of careless teams. It reflects a genuine structural mismatch: AI moved into production in months, and security programs that took years to build are not designed for that velocity. The fix is not a single patch cycle. It is rebuilding the habit.

── more in #ai-safety 4 stories · sorted by recency
── more on @orca security 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain — perfect for shipping the agent you just read about.

$git push zahid main
Live at https://your-agent.zahid.host
Get free account → Pricing
from €0/mo · no card required
LIVE [news/99-9-of-ai-vulnerabi…] indexed:0 read:4min 2026-07-13 ·