Security teams have long prioritized high-severity vulnerabilities while often postponing fixes for lower-severity issues. That approach may soon become more dangerous.

Today's vulnerability management practices were built for a pre-AI world. According to TuxCare CEO Igor Seletskiy, AI models are beginning to identify chains involving multiple low- and medium-severity vulnerabilities that human researchers would rarely connect. Individually, these flaws might not warrant urgent action. Combined, they can lead to a complete system compromise.

A longtime entrepreneur in the Linux, hosting, and cybersecurity industries, Seletskiy believes enterprises are focusing on the wrong metric. The future risk, he said, is not necessarily an increase in high-severity Common Vulnerabilities and Exposures (CVEs). It is AI's ability to create high-impact exploits from vulnerabilities that were never considered high risk in isolation.

"What breaks is using it as a prioritization gate because it has no concept of composition. Three low flaws, an info leak, a memory bug, and a weak sandbox can chain into a full compromise even though no single link is critical," he told LinuxInsider.

The Greater Threat