What happened
ProjectDiscovery published (June 18, 2026) research documenting that the average CVE is now exploited *before* public disclosure. CVE volume grew from ~18,000 (2018) to ~50,000 (2025), while time-to-exploit collapsed from ~2 months to negative days, driven by AI-accelerated exploit generation.
Why it matters
This is the foundational threat context motivating Continuum, MDASH, and agentic security platforms. Traditional reactive patching is no longer viable; defenders must shift to real-time vulnerability management and continuous monitoring. The research validates the urgency of AI-driven defensive tooling.
Applicability
CISOs and security leaders should use this as evidence to shift vulnerability management strategy from patch cycles to continuous, AI-accelerated monitoring. Procurement teams evaluating Continuum, MDASH, or similar platforms should reference this data.