
AI Kills Traditional Security Disclosure

Hacker News

The 90-day disclosure policy is collapsing as AI transforms the security landscape. The model, designed for a pre-LLM world, assumed bug finders were rare and exploit development slow. Now multiple researchers independently discover the same critical flaws simultaneously, while attackers turn patches into working exploits within minutes. Security teams can no longer rely on comfortable head starts.

Recent examples illustrate the crisis: 11 researchers found the same e-commerce vulnerability within six weeks; React patches became functional exploits in 30 minutes using AI assistance. The Linux kernel vulnerabilities Copy Fail and Dirty Frag appeared back-to-back, both with public exploits and working mitigations within days. The traditional grace period between patch and exploitation has vanished.

Security teams must treat every critical issue as a P0 priority and patch immediately, not tomorrow or next sprint. The maintenance window is now. Companies cannot afford scheduled deployments when exploit development happens in minutes, not days or weeks. The fundamental assumptions of responsible disclosure no longer apply in our AI-accelerated world.