From CVE Disclosure to Agentic Protection in 45 Minutes. Why it Matters Now.   

Time-to-Protection

A CVE lands in the morning. Hours later, attackers are exploiting it in the wild. The patch is not ready, the change window is days away, and the clock is already running.

Vulnerability exploitation is now the #1 initial breach access vector Median time-to-patch increased to 43 days Only 26% of KEVs were patched

None of this is new. What changed is that vulnerability exploitation is now the most common path into organizations. The 2026 Verizon Data Breach Investigations Report (DBIR) shows the shift clearly: for the first time in the report’s 19-year history, exploitation of vulnerabilities is the number one initial access vector in breaches, displacing stolen credentials. It now accounts for 31% of initial access, up from 20% one year earlier.

The challenge is no longer just patching. It is reducing the time between disclosure and protection. Organizations are struggling to keep up. Only 26% of vulnerabilities in CISA’s Known Exploited Vulnerabilities catalog were fully remediated last year, down from 38%, while the median time-to-patch stretched to 43 days (DBIR).

Attackers are finding more ways in. Organizations are closing fewer of them. The gap is widening.

Same Kill Chain. Faster Exploitation.

Attackers still need initial access, lateral movement, and an objective. What changed is the speed of each stage and the volume feeding the top of the funnel.

CVE volume shows the scale of the problem. Reported vulnerabilities grew nearly eightfold between 2022 and 2025. In April, NIST reported nearly 30% year-over-year growth in new CVE submissions. Gartner projects one million cumulative CVEs by 2030.

AI is compressing the attacker’s timeline. Frontier models are already being used to automate vulnerability research and exploit generation, accelerating the trend toward faster exploitation. The window between disclosure and weaponization is no longer safe to treat as a planning assumption. The result is faster exploitation of both zero-days and newly disclosed vulnerabilities, operating continuously and at machine scale.

Traditional Architectures Were Never Built for This

The deeper problem is architectural. Organizations are trying to defend against machine-speed attacks using security architectures built around point products, siloed visibility, and human-driven workflows.

That problem is sharpest at the edge. Internet-facing edge devices are increasingly targeted because they provide a direct path into the enterprise. When a critical CVE hits one of these systems, organizations are forced into a race between exploitation and protection.

Traditional patching is not keeping pace. The issue is two-sided: organizations must protect vulnerable applications and the edge devices enforcing that protection. Verizon’s 2025 DBIR found that only about 54% of edge-device vulnerabilities were fully remediated during the year, with a median remediation time of 32 days. As the 2026 DBIR makes clear, the broader remediation picture has only gotten worse.

When remediation lags, IPS becomes an important compensating control. But appliance-based IPS protection is not automatic. Many signatures are not set to block by default, and some remain inactive or alert-only until teams tune profiles and assess false-positive risk. That creates a gap between available protection and actual protection.

When attacks move from initial access to lateral movement in minutes, architecture determines whether defenders can keep pace.

Cato Shrinks Time-to-Protection to 45 Minutes

Time-to-Protection

Patch velocity is not enough. What matters is how quickly protection stands between the attacker and the asset.

Cato shrinks exposure with Agentic CVE Mitigation, using Cato IPS to block exploitation before remediation is complete. When a CVE is disclosed, Cato’s Agentic researcher begins analysis, creates a mitigation, and routes it to Cato Security research for validation, helping deliver protection in under an hour. Once validated, Cato deploys protection across the Cato Cloud Platform without customer intervention.

Cato reduces exposure with a cloud-native platform built to minimize the security infrastructure customers must patch and protect. In hardware-centric architectures, security appliances and their management platforms become part of the attack surface. Over the past five years, three major appliance-based security vendors disclosed more than 1,100 CVEs, including more than 60 known-exploited vulnerabilities. Every appliance and management layer creates another system that must be patched, monitored, and protected.

Frontier AI and the Demise of Hardware Security | Read the blog

With Cato, customers are not responsible for maintaining a globally distributed fleet of security appliances. Cato owns the platform lifecycle and enforces protections across the Cato Cloud Platform and Cato edge devices. The advantage is reduced attack surface and shared context. Because traffic across sites, users, clouds, and applications flows through one platform, Cato can connect signals across the attack path and enforce protections inline as the threat develops, not after separate tools reconstruct the incident.

Cato reduces exposure quickly, so IT can complete remediation safely without disrupting the business. Critical assets remain protected while those changes are completed.

Time-to-Protection Is the Metric That Matters Now

Agentic CVE Mitigation closes the gap. Cato reduces exposure before remediation is complete, without coordinating changes across distributed security infrastructure.

The 2026 Verizon DBIR reframes the question security leaders should be asking:
Not “When will we patch?”
But “How quickly can we protect the business?”

Organizations will continue to patch. But when attackers weaponize disclosures within hours, time-to-protection is the metric that matters.

Learn more about Cato Agentic CVE Mitigation and how it reduces exposure before patching is complete.

The post From CVE Disclosure to Agentic Protection in 45 Minutes. Why it Matters Now.    appeared first on Cato Networks.

By admin

Leave a Reply