CONCEPT Cited by 1 source
Architecture over patching
Definition
Architecture over patching is the principle that the architecture around a vulnerability determines the damage of exploitation more than the speed at which the vulnerability is patched. If a single compromised identity, path, or credential can reach the entire system, no patching SLA is fast enough.
The framing question
"Where can the attacker get to with one identity, one path, or one credential, before something else stops them?"
If the answer is "anywhere they want," the vulnerability was never the problem — the architecture was.
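The framing question can be put to an access graph directly: start from one compromised identity and count what is reachable before a layer fails closed. The sketch below is an added example, not taken from the cited source; the asset names, guard names and both graphs are constructed for illustration.

```python
from collections import deque

def blast_radius(edges, foothold, held=frozenset()):
    """Return every asset reachable from `foothold`.

    edges: {src: [(dst, guard), ...]}. A guard of None means implicit trust;
    otherwise it names an independent check that fails closed unless the
    attacker already holds it (listed in `held`).
    """
    seen = {foothold}
    queue = deque([foothold])
    while queue:
        node = queue.popleft()
        for dst, guard in edges.get(node, []):
            if dst in seen:
                continue
            if guard is not None and guard not in held:
                continue  # this layer fails closed; the path stops here
            seen.add(dst)
            queue.append(dst)
    return seen - {foothold}

# Constructed example: same topology, two architectures (all names hypothetical).
FLAT = {
    "ci-token": [("build-server", None)],
    "build-server": [("artifact-store", None), ("secrets-vault", None),
                     ("prod-db", None)],
    "secrets-vault": [("billing-api", None)],
    "prod-db": [("customer-data", None)],
}
SEGMENTED = {
    "ci-token": [("build-server", None)],
    "build-server": [("artifact-store", None),
                     ("secrets-vault", "vault-approval"),
                     ("prod-db", "db-client-cert")],
    "secrets-vault": [("billing-api", "billing-scope")],
    "prod-db": [("customer-data", None)],
}

if __name__ == "__main__":
    for name, graph in (("flat", FLAT), ("segmented", SEGMENTED)):
        reach = blast_radius(graph, "ci-token")
        print(f"{name}: {len(reach)} assets reachable -> {sorted(reach)}")
    # One extra stolen credential widens the radius, but it stays bounded.
    extra = blast_radius(SEGMENTED, "ci-token", {"db-client-cert"})
    print(f"segmented + db-client-cert: {sorted(extra)}")
```

In the flat graph the same foothold reaches all six assets; in the segmented one it reaches two, and the unpatched entry point is identical in both.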
Implication for system design
- Design for bounded blast radius: each layer fails closed independently.
- Patching remains necessary but is no longer the primary defence.
- Continuous validation (red team) tests architecture, not just rules.
- Frontier AI models make this more urgent: discovery speed exceeds patching speed, so the architecture must tolerate exploitation.
(Source: sources/2026-06-09-cloudflare-defend-against-frontier-cyber-models)
Seen in
- sources/2026-06-09-cloudflare-defend-against-frontier-cyber-models — "the architecture around the vulnerability matters more than the speed of the patch"