AI-Driven Exploit Development Accelerates Vulnerability Risks for Security Teams

Accelerated Exploit Development: A Challenge for Security Teams

In a significant report released by Cogent Security, alarming findings emerged regarding the pace of exploit development compared to traditional scanner detection methods. This new analysis examined over 69,000 Common Vulnerabilities and Exposures (CVEs) and revealed that the window for responding to vulnerabilities has drastically reduced. Vulnerability scanners are struggling to keep up, putting cybersecurity teams at an increasing disadvantage during critical moments following a vulnerability's disclosure.

Key Findings

One of the stark revelations from the report is that for 62% of critical vulnerabilities, working exploits were available before scanners could generate detection signatures. This means that organizations could be vulnerable to attacks without even knowing. More strikingly, 83.2% of critical vulnerabilities either lacked scanner coverage or had exploits active before scanners could detect them, indicating a significant lag in traditional detection methods.

The report highlights an astounding reduction in the average time taken from vulnerability disclosure to a working exploit. The timeframe plummeted from 125.3 days to only 0.5 days within just 16 months, largely attributed to advancements in AI technologies. This fast-paced exploit development underscores a critical gap that cybersecurity teams must address urgently.

Technological Advancements and Their Implications

The report points to AI's role in this rapid acceleration, particularly with tools based on large language models. These tools enable malicious actors to ingest patch details, identify crucial code changes, and produce proof-of-concept exploits at a speed that traditional methods cannot match. In the words of Geng Sng, CTO and co-founder of Cogent Security, “The framework under which security teams operated, where they had days or even weeks to respond to new CVEs, is no longer viable.”

Furthermore, more than half (54%) of all CVEs published from 2025 have neither been detected by major scanner vendors like Tenable, Qualys, or Rapid7. This raises a crucial point: without timely recognition of vulnerabilities, systems remain dangerously exposed.

Vendor-specific scanner performance also revealed disparities. Tenable showed a median detection lag of 0.1 days following disclosures, compared to 2.9 days for Qualys and 5.1 days for Rapid7. This variance signifies that some scanners may not provide the necessary protection, especially regarding critical vulnerabilities.