Vulnerability management is reaching the limits of human scale

Vulnerability management is becoming increasingly challenging as the number of vulnerabilities grows exponentially, outpacing the capacity of human teams to manage them effectively. Despite a 75% year-over-year reduction in exploitable in-use vulnerabilities, the overall increase in vulnerabilities and the rapid weaponization facilitated by AI have highlighted the need for new approaches. The rise of AI in cybersecurity has shortened the window between vulnerability disclosure and exploitation, necessitating a shift towards automated responses and runtime security as critical defenses. Organizations are increasingly adopting automated response mechanisms, with more than 70% utilizing behavior-based detections, and a significant rise in auto-killing processes upon detection. The future of vulnerability management is likely to involve autonomous remediation driven by agentic AI, underpinned by human-defined guardrails to ensure safe and effective operation. This transformation echoes past shifts in practices like CI/CD and DevOps, emphasizing the importance of establishing robust policies and processes to manage AI-driven security measures.