Engineering · 8 min read · April 17, 2026
Queueing Model Reveals How AI Automation Paradoxically Worsens Cyber Risk
Research from Yun et al. shows that symmetric automation in attack and defense can increase exploit success rates, with heavy-tailed patching delays creating persistent vulnerability backlogs.
Source: arxiv/cs.LG · Jihyeon Yun, Abdullah Yasin Etcibasi, Ming Shi, C. Emre Koksal · open original ↗ ↗
Queueing theory models vulnerability dynamics; symmetric automation paradoxically raises exploit rates; RL-based defense cuts active vulnerabilities by 90%.
- — Vulnerabilities modeled as queue backlog: arrivals (discovery/creation), departures (patching/exploitation).
- — Symmetric AI amplification scales both attack and defense rates, yet increases successful exploits.
- — Real-world patching times exhibit heavy tails, inducing long-range dependence in vulnerability persistence.
- — Dynamic defense formulated as constrained Markov decision process with budget and switching-cost limits.
- — RL algorithm achieves near-optimal regret with provable efficiency guarantees.
- — Trace-driven experiments on ARVO dataset show 90% reduction in active vulnerabilities versus baseline practices.
- — Framework quantifies cumulative exposure risk under temporally dependent attack dynamics.
Frequently asked
- The paper models vulnerabilities as a queue where arrivals (new CVEs) and departures (patches or exploits) both accelerate under automation. If detection automation scales the arrival rate faster than patching automation scales the departure rate, the backlog grows. Worse, heavy-tailed patching delays mean a few vulnerabilities linger for months, creating persistent exposure. Symmetric automation does not guarantee balanced risk reduction.