AI Threatens to Overwhelm Device Manufacturers With Vulnerability Data
A new report warns that artificial intelligence will find more security flaws than human teams can manage without automated verification tools.
- By Jesse Jacobs
- Jun 23, 2026
Artificial intelligence is fundamentally reshaping cybersecurity by uncovering software flaws faster than ever before, but a new analysis warns the technology could overwhelm manufacturers of connected devices unless paired with automated management systems.
The report, released by product cybersecurity firm ONEKEY, concludes that the sheer volume of newly discovered vulnerabilities will soon outpace human capacity. To maintain security and satisfy tightening global regulations, organizations must adopt automated screening processes to determine which flaws pose actual risks.
While powerful AI systems are adept at scanning binary code and identifying potential gaps, experts note that the real challenge begins after discovery. Companies must assess how a flaw impacts a specific product in its real-world application, a task where raw AI analysis often reaches its limits.
Security experts caution that finding a vulnerability is distinct from understanding its true operational significance or making risk decisions that withstand legal scrutiny. While AI accelerates initial testing, additional structured tools are required to provide predictable results, traceable audit evidence and compliance documentation.
The shift comes as regulatory pressures mount globally. Upcoming frameworks, including the European Union's Cyber Resilience Act and the IEC 62443 series of industrial standards, will soon require manufacturers to comprehensively document the internal software components of their products. Companies will be legally mandated to explain existing vulnerabilities, detail potential impacts and provide a clear roadmap of how those risks are mitigated.
To satisfy these legal frameworks, industry analysts say manufacturers need a verifiable foundation for decision-making. This includes maintaining an updated Software Bill of Materials, generating vulnerability exchange logs and assembling technical proof of a product’s actual exposure to cyberattacks.
Relying exclusively on raw AI tools to scan code without structured product security processes can actually increase corporate risk. Without automated verification platforms to filter out false alarms and prioritize critical threats, developers face data fatigue, leaving smart products vulnerable to exploitation.