The White House’s new Gold Eagle initiative, announced yesterday, aims to bring federal agencies, software companies, infrastructure operators and security researchers into one system for finding, ranking and fixing serious vulnerabilities. The new initiative comes as attackers use automation to scan networks, test weaknesses and move through breached systems at speeds that human security teams struggle to match.
Gold Eagle will connect officials from the White House, Treasury, the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency and the Defense Department with private companies and open source software groups. Washington has launched cyber partnerships before, often with ambitious language and uneven results. Gold Eagle’s goal is to shorten the time between the discovery of a flaw and the installation of a working patch.
The program has started receiving vulnerability reports, checking scans and sending repair guidance to government and corporate defenders, according to the White House. Treasury Secretary Scott Bessent said the government would work “hand in hand with the private sector.” Defense Secretary Pete Hegseth called for a “wartime footing to the cyber domain.”
Attackers Are Winning The Race To Exploit New Flaws
Gold Eagle must help organizations sort through a noisy stream of security warnings, decide which flaws pose an immediate threat and push software makers and network operators to act. That job has grown harder as AI produces more alerts, more code analysis and more claimed discoveries.
Software vulnerabilities have become one of the most common ways to break into corporate networks, and with AI powering the most recent attacks, those vulnerabilities could potentially skyrocket. Verizon’s 2026 Data Breach Investigations Report found that 31% of breaches began with the exploitation of a software vulnerability. Vulnerable systems ranked ahead of stolen credentials as an entry point in Verizon’s data.
Google’s Mandiant unit found a similar pattern. Exploits accounted for 32% of the intrusions reviewed in its 2026 M Trends report. It was the sixth straight year that exploitation ranked first among the ways attackers gained entry.
The speed of those attacks has changed too. Mandiant found that cybercriminals are passing stolen access to each other much faster, with the median handoff time between an initial access broker and another criminal group falling from more than eight hours in 2022 to 22 seconds in 2025. In practice, one crew can breach a company and sell access to another crew before the victim has opened the first alert. Ransomware operators no longer need to wait for a long negotiation or a hand written report, with the transfer can happen almost at once.
The challenge is that a vulnerability may be found by a cloud provider, a federal agency, an independent researcher or a security vendor. Each group may assign it a different score and priority. One may know that attackers are using it while another may know that thousands of exposed systems remain unpatched, and a third may have a working fix.
Gold Eagle is supposed to bring them together. Instead of sending every warning into the same queue, the program would place the most dangerous flaws at the top and tell operators what to fix first.
AI Is Producing More Vulnerabilities Than Teams Can Process
The case for AI assisted security research has moved beyond theory. Last week, I wrote about JadePuffer, a ransomware operation that used an AI agent to handle much of the intrusion process. The agent could inspect its target, harvest credentials, adjust when a command failed and continue the attack with limited human direction. Cheaper agentic models could put those abilities within reach of smaller and less skilled criminal groups.
Put the two developments together and the danger becomes clearer. Criminals can already pass compromised access from one group to another in seconds. Agentic AI can then take over some of the labor that once required an experienced hacker at a keyboard. One criminal finds the open door. Another supplies the objective. The AI does much of the work inside.
NIST has felt the strain. In April, NIST said it would put more attention on vulnerabilities in CISA’s Known Exploited Vulnerabilities catalog, software used by federal agencies and products classed as critical. Other records may wait longer for analysis. Gold Eagle looks like a response to that backlog. AI can produce more reports. The federal government now wants a system that decides which reports deserve action first.
The Cybersecurity Market Is Already Betting On Automation
The commercial market has been moving in the same direction. A major security vendor may see activity from millions of devices, cloud accounts and user identities. That gives its models more evidence when deciding whether a newly found flaw poses a real threat. Smaller firms may have sharper research in a narrow field, but they may lack the distribution needed to influence federal priorities.
Gold Eagle could push more government and corporate spending toward companies that already hold large stores of security data. Open standards could let small research teams submit evidence without navigating a long federal sales process.
CISA already operates the Joint Cyber Defense Collaborative, or JCDC. That program brings government agencies, technology companies and foreign partners together to share threat information and plan defensive action. Gold Eagle appears to have a tighter focus.
It is focused on software flaws, scan results, severity rankings and patches while JCDC deals with broader threats and joint planning. Gold Eagle is supposed to move from simply providing warnings to providing repairs.
Europe is taking another path. The European Union’s Cyber Resilience Act requires manufacturers to report actively exploited vulnerabilities through a central platform. Those duties begin on September 11, 2026. The European model relies on legal requirements placed on product makers. Gold Eagle relies more heavily on voluntary cooperation, federal resources and shared access to advanced AI systems.
The White House Has Yet To Define Success
The announcement leaves several major points unresolved. The White House has not named the participating companies. It has not published goals for patching speed. It has not explained how officials will settle disputes over severity, disclosure or whether a patch is safe to deploy.
A related executive order allows voluntary access to covered frontier models and calls for classified tests of advanced cyber capabilities. The work still depends on existing legal authority, agency budgets and available federal funds.
Security is another concern. A national clearinghouse would hold sensitive data about unpatched systems, exposed infrastructure and weaknesses in widely used software. Foreign intelligence agencies and criminal groups would have every reason to target it. A stolen priority list could tell attackers which flaws remain open and where to look.
The government should also publish clear measures for the program. How long does it take to confirm a reported flaw? How quickly does the vendor receive notice? How many days pass before infrastructure operators install the patch? How often does Gold Eagle place an actively exploited vulnerability near the top of its list? Those figures would show whether the project is changing outcomes.
No doubt the worlds of AI and cybersecurity are colliding fast. That is why the initiative is relevant now. AI has accelerated the search for vulnerabilities, but patching still moves through meetings, ticket queues and maintenance windows. Attackers have automated their side of the contest. Defenders have only partly done the same.











