Security teams’ patching practices have come under intense pressure over the past year, as active exploitation is up, time-to-exploit windows are accelerating, and vulnerabilities have become attackers’ top initial access vector of choice.
Last year, organizations fully remediated only 26% of the vulnerabilities that attackers were actively exploiting in the wild — down from 38% the year before, according to Verizon’s 2026 Data Breach Investigations Report. The median time to close those known dangerous gaps stretched to 43 days, while attackers have trimmed their side of the equation to days, sometimes hours.
That’s the backdrop against which the US Cybersecurity and Infrastructure Security...