AI and Automation Accelerate Exploitation in 2025
🔍 Rapid7's 2026 Global Threat Landscape Report finds AI and automation compressed the window between vulnerability disclosure and exploitation in 2025, turning what once unfolded over weeks into days or even minutes. The median time to inclusion on CISA's Known Exploited Vulnerabilities catalog fell from 8.5 days to five, and the mean dropped from 61 to 28.5 days. Confirmed exploitation of CVSS 7–10 flaws rose 105% YoY to 146 incidents, with deserialization, authentication bypass and memory corruption among the most targeted issues. Rapid7 urges CISOs to adopt pre-emptive security that reduces attack surface, prioritizes material risk and improves contextual detection and response.
