- Better tools to discover vulnerabilities, especially in legacy code
- A hungry and growing commercial market for exploits
- AI tools are making the production of exploits easier
“Attackers are now using AI to move faster than defenders,” says Federico Simonetti, CTO at zero knowledge networking firm Xiid. “AI is highly effective at finding vulnerabilities and crafting exploits, while at the same time, it’s horribly ineffective at applying any significant level of protection.”
Exposure management
Peled Eldan, head of research at cloud security firm XM Cyber, believes the surge of vulnerabilities and exploits is a “byproduct of sprawling cloud estates, rapid migrations, deployment mishaps, misconfigurations, and more.”
“While the NVD is still a foundational pillar of cybersecurity, SOC teams need far more than CVE IDs and CVSS scores to meaningfully reduce risk,” Eldan says. “Even if NVD enrichment speeds up, it won’t fix the bigger problem: understanding how vulnerabilities connect with other exposures to create exploitable attack paths.”
