Two weeks after researchers using an AI tool discovered a major hole in Apache’s ActiveMQ messaging middleware, there are still thousands of unpatched instances open to the internet, more evidence that many application developers and IT leaders aren’t paying close attention to warnings about vulnerabilities.
The remote code injection vulnerability (CVE-2026-34197) was revealed on April 7, yet statistics from the ShadowServer Foundation show there are still almost 6,500 unpatched instances of ActiveMQ open to being abused.
“The fact that ShadowServer is still seeing 6,000+ unpatched boxes nearly two weeks later is just mind-blowing,” IT analyst Rob Enderle of the Enderle Group told CSO. “In a world where an LLM can help an attacker weaponize a bug the second it’s announced, taking 12 days to patch is essentially a suicide note for your network.”
Versions of ActiveMQ and ActiveMQ Broker before 5.19.4, and from 6.0 to before 6.2.3, are vulnerable, which means the flaw could have been exploited for over a decade. ActiveMQ Artemis isn’t affected.
The issue is so serious that the US Cybersecurity and Infrastructure Security Agency (CISA) added the bug to its Known Exploited Vulnerabilities (KEV) catalog this week, urging federal agencies to promptly update their applications.
The move should also be seen by private sector developers who use ActiveMQ in their applications, and IT and security leaders who have apps using ActiveMQ in their environments, as a cue to act fast and upgrade to patched versions 5.19.4 or 6.2.3.
Bug found by AI in 10 minutes
The hole was discovered by researchers at Horizon3.ai using Anthropic’s Claude AI assistant. It took them about 10 minutes, an illustration of how quickly modern AI tools can be used by experts to find vulnerabilities. Anthropic says its limited release Claude Mythos tool is even better than Claude at finding flaws.
Apache says an authenticated attacker can exploit the hole with a crafted discovery URI that triggers a parameter to load a remote Spring XML application context using ResourceXmlApplicationContext. Because Spring’s ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker’s Java VM through bean factory methods such as Runtime.exec.
“This vulnerability sat there for 13 years,” noted Enderle. “Humans missed it, scanners missed it, but Claude finds it in what, 10 minutes? That’s a massive capability leap. AI is basically acting like an archeologist for exploits, digging up every skeleton we’ve left in our legacy closets for the last decade.”
The problem for CSOs is “we’re basically bringing a knife to an AI gunfight,” he added. “Most IT shops are still stuck in ‘Human-Speed,’ waiting for a weekend maintenance window or a committee meeting, while the bad guys are running at ‘Machine-Speed.’ If you aren’t automating your defense and using AI to patch as fast as AI is finding the holes, you aren’t just behind; you’re already breached and just don’t know it yet.”
Automation is key
“If a company hasn’t patched this by now, it’s moved past a ‘resource issue’ and straight into professional negligence,” Enderle said. “We’ve got to stop treating patching like a chore and start treating it like a survival requirement.”
The fix is simple, but hard for most old-school IT shops to swallow, he noted: Get the humans out of the way. “If AI is finding holes in minutes,” he said, “a 12-day manual patch cycle is basically an invitation to get robbed.”
Start by putting together a software bill of materials for every app in your environment, Enderle advised. “Without it, you’re just guessing what’s under the hood. You need a live, automated inventory, using standards like CycloneDX, so the second a bug like this [ActiveMQ] hits, you aren’t scanning. You already know exactly which apps are carrying the poisoned ingredient.”
Second, he said, auto-patch the small stuff and use automated testing for the big systems. Again, he maintained that if IT is still waiting for a weekend maintenance window or a committee approval to fix a critical flaw, “you’re playing a 2010 game in a 2026 world.”
“Bottom line,” he said: “If you don’t know what’s in your software, and you can’t fix it faster than an LLM can find it, you’re just a target.”