JULY 7, 2026
Amir Preminger, CTO of industrial security firm Claroty, described the shift in a single image: “From the moment a vulnerability is published, the hourglass flips.” For most of the last decade, that hourglass ran slowly. A new CVE would be published, security teams would have weeks to assess and patch, and exploitation, when it came, arrived after most organizations had already closed the gap. That assumption no longer holds.
The mean time between vulnerability disclosure and working exploit has collapsed. Research compiled by the Cloud Security Alliance’s AI Safety Initiative found that mean time to exploit fell from roughly 32 days in 2022 to approximately 5 days in 2023 measurements, and by 2025, 32.1 percent of newly tracked exploits were already weaponized on or before the day their CVE was published. For specific product categories, particularly internet-exposed remote access infrastructure, exploit-intelligence reporting from early 2026 places the average disclosure-to-exploit window at approximately 10 hours, down from 56 days as recently as 2024.
This is not a single trend. It is the convergence of three forces: record vulnerability volume that overwhelms manual triage, automated scanning infrastructure that tests every newly disclosed CVE within hours of publication, and artificial intelligence that is compressing the time required to go from a CVE description to a working exploit. Understanding why this window closed, and what is driving it, is the foundation for deciding how a vulnerability management program needs to change.
| 32 to 5 days: how far the mean time to exploit fell between 2022 and 2023 measurements (CSA AI Safety Initiative) | 32.1% of exploited CVEs in 2025 were weaponized on or before their public disclosure date (VulnCheck) | 48,185 CVEs published in 2025, a 263% increase from 2020; Q1 2026 running about a third higher than Q1 2025 | 206 CVEs in Microsoft’s June 2026 Patch Tuesday, a record, with 13 flagged Exploitation More Likely |

The shift from weeks to days to hours did not happen in a single jump. It has been a steady compression driven by improvements in both attacker tooling and the infrastructure that distributes vulnerability information itself.
Historically, the gap between a vulnerability being discovered and exploited in the wild was measured in months. Atos’s 2026 analysis of AI’s effect on the threat landscape describes the trajectory plainly: the gap shrank to weeks, then to days, and with AI-augmented vulnerability research, the industry is moving into a world where that window can be measured in hours for some categories. The Cloud Security Alliance’s April 2026 whitepaper quantifies the early part of this trajectory: mean time to exploit fell from approximately 32 days in 2022 to approximately 5 days as measured for 2023 exploitation activity.
By 2025, the proportion of exploited vulnerabilities weaponized on or before their public disclosure date reached 32.1 percent, according to VulnCheck’s exploitation tracking. This statistic deserves emphasis: nearly one in three exploited vulnerabilities had no meaningful patch window at all. The defender’s first opportunity to respond, the moment the CVE becomes public, arrived after exploitation had already started in roughly a third of cases.
For specific technology categories, the window has compressed even further. Exploit-intelligence reporting surfacing in late April 2026, corroborated across multiple datasets, found that the average time between a CVE being published and a working exploit appearing in the wild had fallen to approximately 10 hours, down from 56 days as recently as 2024. The categories experiencing the fastest compression are internet-exposed remote access infrastructure: VPN concentrators, remote desktop gateways, and firewalls with management interfaces reachable from the public internet. These are weaponized faster than almost any other category because successful exploitation hands the attacker an interactive foothold inside the network immediately.
| 💡 Why Hours, Not Days Automated exploit scanners are now configured to test against the National Vulnerability Database feed directly. The moment a new CVE for a known product category appears, scanning infrastructure that has been pre-built and pre-staged begins testing internet-facing instances of that product within the same business day. This is not artisanal exploit development; it is industrial automation applied to a published feed. The CVE publication event itself has become the trigger for an automated attack pipeline. |
This acceleration is occurring against a backdrop of record vulnerability volume that makes manual response increasingly untenable. A record 48,185 CVEs were published in 2025, a 263 percent increase from 2020. Submissions in the first quarter of 2026 ran approximately one-third higher than the same period in 2025. NIST responded to this volume pressure in April 2026 by announcing it would triage NVD enrichment, prioritizing KEV catalog entries, federal software, and critical infrastructure applications, while explicitly acknowledging that comprehensive enrichment coverage of every published CVE is no longer feasible.
Microsoft’s June 2026 Patch Tuesday illustrated where this volume trend is heading: a record 206 unique CVEs in a single monthly release, including three previously disclosed zero-days and 13 vulnerabilities flagged “Exploitation More Likely.” Tenable’s Satnam Narang put the trajectory directly: the days of 50 to 70 CVEs in a single Patch Tuesday release are in the rearview, and 100-plus CVEs each month is becoming the expected norm.

The compression of the disclosure-to-exploit window is not the result of any single factor. It is the product of three trends reinforcing each other simultaneously.
| We’re seeing a clear acceleration in the time between vulnerability disclosure and real-world exploitation. From the moment a vulnerability is published, the hourglass flips. Today it’s much easier both to weaponize a vulnerability and to identify who is exposed. The time it takes vendors to develop and distribute updates hasn’t shortened at the same pace, and that gap is exactly where attacks happen. – Amir Preminger, CTO, Claroty |
Preminger’s observation identifies the structural asymmetry at the center of this problem. Exploitation speed has accelerated dramatically. Vendor patch development and distribution timelines have not accelerated at anything close to the same rate. A vendor that takes two to four weeks to develop, test, and release a patch is operating on a timeline calibrated to a threat landscape that no longer exists. The gap between exploitation speed and remediation speed is not closing; it is widening, and that widening gap is precisely where successful attacks occur.
Mass exploitation campaigns no longer require an attacker to manually identify and target vulnerable systems. Automated scanners, often built and maintained as commercial or semi-commercial infrastructure, monitor the NVD feed and security advisories directly, then launch testing against internet-facing instances of newly disclosed vulnerable products within the same business day the CVE appears. This transforms every new disclosure into an immediate, automated, internet-wide test of every reachable instance of the affected product.
The third and most consequential force is the application of AI to vulnerability research and exploit development on both sides of the equation. Google’s Threat Intelligence Group has stated directly that vulnerability discovery, weaponization, and exploit deployment can all be enhanced by AI capabilities, creating the potential for exploitation to move faster than ever before. This is the focus of the next section.
AI’s effect on the exploitation timeline is real, measurable, and already documented in active campaigns. It is also, based on the most rigorous available evidence, an amplifier of human-directed operations rather than a fully autonomous threat. That distinction matters enormously for how defenders should respond.
| DOCUMENTED CASE | 2026 // AI-Assisted Exploit Development // State-Sponsored APT45 (North Korea): Recursive AI-Assisted CVE Analysis and Proof-of-Concept Validation Source: Google Threat Intelligence Group AI Threat Tracker, running since February 2026 |
Google’s GTIG, through its AI Threat Tracker monitoring program, identified APT45, a North Korea-linked state-sponsored group, sending thousands of repetitive prompts to an AI system to recursively analyze CVE descriptions and validate proof-of-concept exploits. The group used agentic AI tools alongside intentionally vulnerable test environments to iterate toward working exploits faster than a human researcher working alone could achieve. Separately, China-nexus groups tracked as UNC2814 and APT27 used AI specifically to research firmware vulnerabilities and accelerate malware development.
The detail that matters most for defenders: this was confirmed amplification of human-directed operations, not autonomous AI exploitation. APT45 still needed experienced human operators to direct the AI’s analysis, select which targets and vulnerabilities mattered, and build the broader attack infrastructure around the resulting exploit. North Korea’s entire cyber operations budget is estimated at roughly $6 billion annually; AI amplifies the output of that budget without requiring additional human expertise to be hired or trained.
| There’s a misconception that the AI vulnerability race is imminent. It allows both attackers and defenders to operate faster. – John Hultquist, Chief Analyst, Google Threat Intelligence Group |
| DOCUMENTED CASE | November 2025 to January 2026 // AI Attack Framework // Public GitHub Release CyberStrikeAI: From GitHub Publication to 600+ Confirmed Device Compromises in Two Months Source: Cloud Security Alliance AI Safety Initiative whitepaper, April 2026 |
CyberStrikeAI, an AI-powered attack framework, was published openly to GitHub in November 2025. By January 2026, just two months later, it had confirmed attacks against more than 600 devices across 55 countries. The Model Context Protocol, which standardizes how large language models interface with external tools, acted as a force multiplier in this case, enabling the framework’s components to be composed and deployed with minimal integration effort by operators who did not need deep technical expertise to use it.
The compressed timeline from publication to confirmed mass exploitation, two months, illustrates a structural change: AI-enabled attack tooling does not require the years of refinement that earlier generations of exploit frameworks needed to reach operational maturity. The barrier between a published proof-of-concept and a working mass-exploitation tool has narrowed substantially.
Google’s Threat Intelligence Group documented at least 10 zero-days attributed to China-nexus espionage groups in 2025, double the figure recorded in 2024. Among the notable campaigns, the threat actor tracked as UNC3886 exploited an improper isolation flaw in Juniper MX routers, tracked as CVE-2025-21590, while UNC5221 was linked to attacks involving Brickstorm malware. GTIG’s broader 2026 reporting found that nearly half of all exploited zero-day vulnerabilities now target enterprise-grade technology specifically, the highest share on record, and the report explicitly attributes part of this trend to AI’s growing role in reconnaissance, vulnerability discovery, and exploit development.
The same capability accelerating offensive exploit development is also accelerating defensive vulnerability discovery, and the clearest evidence of this came before the attacker side caught up. Google’s Big Sleep project, a collaboration between Project Zero and DeepMind, reported 20 previously unknown vulnerabilities in widely used open source software as of August 2025. Among them was a critical zero-day, CVE-2025-6965, that Big Sleep discovered and disclosed before it could be actively exploited in the wild.
This case is worth sitting with because it demonstrates both sides of the dual-use dynamic in a single example. Big Sleep used AI to find a vulnerability faster than human researchers, and faster than attackers found it independently, closing the window before exploitation could begin rather than after. Atos’s analysis of this dynamic captures the core tension precisely: the same models that can continuously scan complex environments, identify misconfigurations and zero-days at scale, and generate patches or compensating controls at machine speed can, in the hands of a determined attacker, collapse the cost and expertise required to find and exploit critical flaws.
| 🔍 HackerOne’s Confirmation of the AI Inflection HackerOne’s 9th Annual Hacker-Powered Security Report, drawing on more than 580,000 validated vulnerabilities reported across its platform to date, documented AI vulnerability reports surging more than 200 percent year-over-year, with prompt injection reports specifically up 540 percent. This confirms AI is now the fastest-growing attack surface category among professional bug-bounty researchers, not a future risk but a present and rapidly expanding one. |
A vulnerability management program built around periodic scanning, scheduled monthly patch cycles, and a manual review queue was a reasonable design when the average exploitation window was measured in weeks. Against a window measured in hours for the highest-risk categories, that design is structurally incapable of providing protection during the period that matters most: the gap between disclosure and patch deployment.
If a patch cannot be deployed within hours of disclosure, and for the vast majority of enterprise environments it cannot, the only viable defense during the exposure window is a compensating control that does not depend on the patch: network segmentation that limits the blast radius of a compromised device, default-deny policies on management interfaces, behavioral detection tuned to the specific exploitation pattern associated with the vulnerability class, and, most importantly, advance knowledge that a specific CVE affecting your specific technology stack has entered active exploitation.
The CISA KEV catalog remains a valuable and necessary resource, but it is a confirmation mechanism, not an early-warning system. By the time a vulnerability is formally added to KEV, exploitation has typically been underway long enough for the addition to be confirmed through multiple independent sources. Proofpoint’s research comparing actively exploited 2026 CVEs against the same date’s KEV catalog entries found a 50 percent gap, meaning half of the vulnerabilities under live attack at any given moment were not yet reflected in the public catalog. Organizations whose vulnerability intelligence stops at KEV monitoring are operating with a built-in delay relative to what is actually happening in the wild.
Proactive threat intelligence shifts the detection point from the patch deployment stage to the exploitation preparation stage. Dark web forums and exploit marketplaces frequently carry discussion of working exploits, proof-of-concept code, and active targeting campaigns before that activity is reflected in any public vulnerability database. Monitoring this layer provides a detection window that exists before automated mass-scanning campaigns reach your specific assets, not after.
| What the Data Shows | What Your Program Needs to Do |
| Mean time to exploit has fallen from roughly a month (2022) to days (2023-2025), and to hours for edge devices (2026) | Monthly or even weekly patch cycles cannot close the exposure window for high-risk technology categories. Compensating controls must be pre-staged, not deployed reactively after disclosure. |
| 32.1% of exploited CVEs hit on or before their disclosure date | Patch-gap analysis alone cannot protect against this category. Behavioral detection and network segmentation must cover the period before a CVE identifier even exists. |
| CISA KEV reflects roughly half of actively exploited CVEs at any given time (Proofpoint) | KEV monitoring alone is a lagging signal. Dark web and exploit marketplace monitoring is required to detect exploitation activity before public catalog confirmation. |
| AI amplifies human-directed exploit development (APT45, CyberStrikeAI) rather than operating autonomously | The appropriate response is not AI-on-AI warfare. It is faster patching, AI-assisted defensive scanning, stronger authentication, and proactive threat hunting, the same fundamentals, executed faster. |
| AI-enabled attack frameworks reach mass-exploitation scale within months of public release (CyberStrikeAI: 2 months) | Newly published proof-of-concept tools and frameworks should be treated as an immediate intelligence priority, not a future risk to monitor casually. |
| Record CVE volume (48,185 in 2025; 100+/month becoming normal) is overwhelming manual triage and NVD enrichment capacity | Exploitation-signal-based prioritization, not CVSS score alone, must drive patch sequencing. EPSS scores and real exploitation telemetry are now necessary inputs. |
| RELATED READING: The 2026 Vulnerability Exploitation Trends: What Threat Actors Are Actually Using brandefense.io/blog/2026-vulnerability-exploitation-trends-h1-analysis. Our H1 2026 analysis of CVE volume, exploited-in-the-wild statistics, n-day versus zero-day ratios, and sector-level exploitation distribution. |
Operating effectively against a window measured in hours requires intelligence that moves at the same speed as the exploitation activity it is meant to detect. Brandefense’s EASM and CTI platform is built specifically to close the gap between public disclosure and the moment your organization needs to know it is exposed.
| Brandefense Capability | Application to the Collapsing Exploit Window |
| Continuous External Attack Surface Monitoring | Maps every internet-facing asset in real time, so the moment a CVE is published for a product you run, you already know which specific assets are affected without waiting for a manual inventory check |
| Pre-KEV Exploitation Intelligence | Dark web and exploit marketplace monitoring detects working exploits, proof-of-concept releases, and active targeting discussion before they are reflected in the CISA KEV catalog, closing the roughly 50% visibility gap documented by Proofpoint |
| AI-Accelerated Threat Actor Tracking | Monitors state-sponsored and criminal use of AI-assisted exploit development by actor and technology category, surfacing newly published attack frameworks and tooling relevant to your stack before they reach mass-exploitation scale |
| Exploitation-Signal Prioritization Support | Provides real exploitation telemetry to supplement CVSS scoring, enabling prioritization based on what is actually being exploited against your specific technology footprint rather than theoretical severity alone |
| 24/7 Analyst Escalation | All high-priority exploitation signals affecting your technology stack are reviewed by analysts, with immediate escalation when a vulnerability in your environment enters active exploitation |
The hourglass Preminger describes is not going to slow back down. Patch development timelines are constrained by real engineering and testing requirements that cannot be compressed indefinitely, while exploitation speed has no equivalent floor and continues to fall as AI tooling matures. The organizations that maintain protection in this environment are not the ones with the fastest patch cycles. They are the ones with the earliest signal: knowing that a specific vulnerability in their specific environment has entered active exploitation, before the patch is ready and before the automated scanners arrive.

Take control of your digital security with an exclusive demo of our powerful threat management platform.