NIST’s April 2026 update to the National Vulnerability Database marks a structural change in the public vulnerability-management ecosystem. The issue is not simply that more CVEs are being published, but that the volume of disclosed vulnerabilities has exceeded the realistic capacity of centralized enrichment processes. As NIST moves toward prioritized enrichment, enterprises can no longer treat NVD metadata as a complete and uniformly available decision layer. A CVE identifier names a weakness, but it does not determine exploitability, exposure, asset criticality, adversary interest, or business risk.
This article reads the NVD update as a signal of a broader transition: vulnerability management is becoming a triage discipline rather than a clerical patching workflow. The growth of disclosed vulnerabilities intersects with an expanding attack surface, more complex software supply chains, cloud and SaaS dependency, edge infrastructure, identity-centric architectures, and operational technology exposure. At the same time, threat actors are becoming more specialized and economically efficient. Cybercriminal groups, initial access brokers, state-nexus actors, hacktivists, insiders, and fraud networks differ in motive, but they all benefit from lower reconnaissance cost, faster tooling, reusable infrastructure, and improved automation.
The article also examines the role of artificial intelligence in this changing threat model. The immediate risk is not necessarily fully autonomous end-to-end cyberattacks, but the compression of attacker labor across familiar attack steps: phishing, translation, personalization, scripting, vulnerability research, payload adaptation, infrastructure configuration, and analysis of stolen or open-source data. AI lowers the marginal cost of attack attempts and increases operational scale, which makes defensive latency more expensive.
In this context, organizations must integrate public CVE data, NVD enrichment, CISA KEV evidence, vendor advisories, exploit intelligence, asset inventory, external exposure, identity risk, compensating controls, and business criticality into a single risk-based decision process. The conclusion is that vulnerability management must evolve into a real-time governance capability. Public databases remain essential, but they are only one input. Mature organizations need their own vulnerability triage model, grounded in actual assets, actual exposure, actual adversary behavior, and actual operational impact.
A database under pressure
NIST’s April 2026 update to the National Vulnerability Database should not be read as an administrative detail. It is a signal that the public vulnerability ecosystem has crossed a scaling threshold. The old implicit model was simple: every CVE record could be ingested, analyzed, enriched, scored, mapped to affected products, and made usable for prioritization by a central public infrastructure. That model was already strained. NIST has now made the constraint explicit.
According to NIST, CVE submissions increased by 263% between 2020 and 2025, and submissions in the first three months of 2026 were almost one third higher than in the same period of the previous year. NIST also states that it enriched nearly 42,000 CVEs in 2025, 45% more than in any previous year, yet that increased throughput was still insufficient to keep pace with the volume of new vulnerability records.
The operational consequence is direct. NIST will continue to add submitted CVEs to the NVD, but it will no longer attempt to immediately enrich all of them. Instead, enrichment will be prioritized for CVEs that appear in CISA’s Known Exploited Vulnerabilities catalog, CVEs affecting software used within the U.S. federal government, and CVEs affecting critical software as defined under Executive Order 14028. Other CVEs may still be listed, but they can be categorized as lowest priority and not scheduled for immediate enrichment.
This is a rational triage response to a capacity constraint. It is also a structural warning to enterprises: the presence of a CVE identifier is no longer enough, and the absence of immediate NVD enrichment must not be interpreted as absence of risk.
What NVD enrichment actually gives defenders
The distinction matters because a CVE is not a risk assessment. A CVE identifier is a naming mechanism for a publicly disclosed vulnerability. It allows actors to refer to the same defect without ambiguity. The NVD enrichment layer adds practical decision support: severity scores, affected product mappings, weakness classifications, references, and other metadata that vulnerability-management tools use to rank remediation work.
That enrichment layer has become infrastructural. Patch-management dashboards, software composition analysis tools, security scanners, risk registers, and compliance reports often depend on NVD-derived metadata. When enrichment is delayed or selective, downstream systems receive less context. The vulnerability still exists, but the machine-readable signal used to prioritize it may be incomplete.
The first-principles view is therefore simple: software contains defects; some defects are exploitable under specific technical conditions; some exploitable defects are reachable in a given environment; some reachable defects are attractive to adversaries because they reduce the cost of achieving an objective; risk emerges only when vulnerability, exposure, asset value, adversary intent, and defensive control failure intersect.
A public database can help with defect naming and part of technical characterization. It cannot, by itself, determine enterprise exposure, business impact, adversary interest, compensating control effectiveness, or operational urgency. Those variables are local.
NIST’s update formalizes what mature security teams already know: vulnerability management cannot be outsourced to a public score. CVSS is useful, but it is not risk. CPE mapping is useful, but it is not asset exposure. KEV status is powerful, but it is not the full universe of exploitable risk. The enterprise must combine public vulnerability intelligence with internal topology, identity state, internet exposure, software inventory, compensating controls, and business criticality.
Why CVE growth is not just a measurement problem
One superficial interpretation would be that CVE volume is rising merely because reporting has improved. That is partly true. More vendors disclose, more researchers file, more open-source projects participate, software bill-of-material practices make dependencies more visible, and vulnerability-reporting channels have become more institutionalized.
But this is not only a reporting effect. The discovery function itself is changing.
Historically, vulnerability discovery was constrained by scarce human expertise. Manual code review, reverse engineering, exploit research, fuzzing campaign design, crash triage, and proof-of-concept validation required specialized operators and significant time. Automated scanners and fuzzers already weakened that constraint, but machine learning and, more recently, large language models change it further. They make it easier to search large codebases, rank suspicious functions, generate test cases, guide fuzzing, summarize crash traces, explain unfamiliar code, compare vulnerable and patched versions, and produce candidate fixes or proofs of reachability.
This does not mean that every machine-generated finding is valid. Quite the contrary: automated discovery increases both signal and noise. It can produce real vulnerabilities, duplicate findings, low-quality reports, false positives, and findings that are technically interesting but operationally irrelevant. The important point is that the cost of generating candidate vulnerabilities is falling. When the cost of discovery falls, the number of disclosed, submitted, disputed, duplicated, and eventually confirmed vulnerabilities rises.
Recent AI-security research and public initiatives make this shift visible. DARPA’s AI Cyber Challenge was explicitly designed around AI systems that discover and patch vulnerabilities in real-world software, and its results showed that AI-driven cyber reasoning systems can operate at a scale and speed that would not be realistic for purely manual analysis. The broader research literature on AI-based software vulnerability detection describes the movement from traditional static analysis and rule-based matching toward machine-learning and deep-learning techniques able to learn representations of vulnerable code patterns. In practical terms, this means that vulnerability discovery is becoming less artisanal and more computational.
The attack surface has expanded at the same time. Enterprise systems now consist of cloud platforms, SaaS integrations, APIs, identity providers, CI/CD pipelines, open-source dependencies, mobile apps, edge devices, OT gateways, remote access appliances, containers, Kubernetes clusters, AI services, and third-party data processors. Each component has its own update cycle, dependency graph, privilege model, and exposure pattern. The number of possible failure points grows faster than the number of systems visible to a human operator.
The defender’s problem is therefore double. First, the object being defended has become more complex. Second, the mechanisms for finding defects in that object have become more automated. A vulnerability is not a single object; it is a relation among code, configuration, deployment context, identity, reachability, data sensitivity, adversary capability, and now also machine-assisted discovery. The more software-defined the enterprise becomes, the more this relation must be computed rather than manually inspected.
This is the deeper meaning of the NVD update. Public vulnerability infrastructure is being forced into triage because the global defect-disclosure pipeline is growing faster than manual enrichment capacity. Better reporting explains part of the volume. A larger attack surface explains another part. But the decisive new pressure is that vulnerability discovery itself is becoming machine-assisted. The same automation that helps defenders find and patch defects also increases the number of findings that public databases, vendors, maintainers, bug-bounty programs, and enterprise security teams must triage.
At the same time, attackers are being given better automation. The two trends meet in the same place: the window between discovery, disclosure, weaponization, detection, and remediation is shrinking.
Threat actors differ, but attack economics converges
Cybersecurity discussions often group adversaries by technical sophistication. For enterprise risk, that is insufficient. Motivation determines target selection, persistence, monetization, and tolerance for noise.
A simplified but useful classification is the following.
| Actor | Motivation | Typical activity | Economic logic |
| --- | --- | --- | --- |
| Cybercriminal groups | Financial gain | Ransomware, extortion, fraud, credential theft, data theft | Maximize return per intrusion and scale repeatable playbooks |
| Initial access brokers | Financial gain | Sell access to compromised networks | Convert technical access into a tradable commodity |
| State-nexus actors | Espionage, pre-positioning, strategic advantage | Intelligence collection, long-term access, influence, disruption | Accept higher cost when geopolitical value is high |
| State-aligned or proxy actors | Strategic alignment, deniability, influence | Disruption, harassment, political signaling, espionage support | Blend state interest with criminal or ideological infrastructure |
| Hacktivists | Ideological or geopolitical signaling | DDoS, website defacement, data leaks, publicity operations | Maximize visibility at low cost |
| Insiders and deceptive contractors | Financial gain, coercion, state tasking, grievance | Data theft, sabotage, covert access, revenue generation | Exploit legitimate access and trust boundaries |
| Scammers and fraud networks | Financial gain | Business email compromise, romance scams, fake hiring, payment diversion | Scale persuasion and personalization |
The categories differ, but the economics increasingly converge. Every actor benefits from lower reconnaissance cost, cheaper content generation, faster payload adaptation, better translation, automated infrastructure rotation, reusable malware kits, credential markets, and access brokerage. Even when the end goals differ, the enabling layer is becoming more industrial.
Microsoft’s 2025 Digital Defense Report states that financially motivated activity dominates its observed landscape, with extortion, ransomware, and data theft as the primary attack motivations, while espionage accounts for only 4% of attacks when motivation is identifiable. Google Cloud’s Mandiant M-Trends 2025 report similarly found that 55% of threat groups active in 2024 were financially motivated, while 8% were motivated by espionage.
The implication is not that espionage is irrelevant. It is that most enterprise compromises are economically driven, while high-value sectors must also assume strategic targeting. A manufacturer, utility, financial institution, public administration body, cloud provider, or software vendor may be interesting both to criminals and to state actors, but for different reasons.
AI changes the cost curve before it changes the attack class
The most important effect of AI is not necessarily that it creates entirely new cyberattack categories. The stronger current claim is narrower and more defensible: AI lowers the marginal cost of existing attack steps.
A cyber operation can be decomposed into tasks.
AI can assist at several points in this chain. It can draft phishing lures, translate them, personalize them, generate fake personas, summarize leaked documents, write scripts, explain exploit code, adapt malware templates, generate infrastructure configuration, support vulnerability discovery, and help operators search large volumes of stolen or open-source data.
This does not mean that fully autonomous end-to-end cyberattacks are already the dominant real-world pattern. The International AI Safety Report 2026 is careful on this point: general-purpose AI systems can assist cyberattacks, identify software vulnerabilities, and write malicious code, but fully autonomous end-to-end cyberattacks have not been reported in the real world. The same report emphasizes the present relevance of human-AI collaboration: humans still provide strategic guidance, decompose operations, and intervene when systems fail, while AI systems automate technical subtasks.
That distinction is crucial. The threat is not a Hollywood model of an autonomous hacker-agent replacing adversaries overnight. The threat is a production-function change.
If an attack campaign can be represented as:
$$\text{profit} = (\text{targets} \times \text{conversion rate} \times \text{value per success}) - \text{operational cost}$$
then AI is dangerous because it can increase the number of targets, improve personalization, reduce language and coding constraints, accelerate iteration, and reduce labor per attempt. Even if the conversion rate remains constant, lower unit cost and higher throughput are enough to change the aggregate risk.
This is why AI-assisted phishing matters even when it is technically mundane. It does not need to be brilliant. It only needs to make acceptable-quality deception cheap, multilingual, personalized, and continuous.
ENISA’s Threat Landscape 2025 describes phishing as the dominant intrusion vector and reports that vulnerability exploitation remained a cornerstone of initial access at 21.3%. It also states that, by early 2025, AI-supported phishing campaigns reportedly represented more than 80% of observed social-engineering activity worldwide.
That is precisely the economic compression defenders must understand. AI does not need to invent new physics. It only needs to reduce the cost of exploiting old weaknesses.
The cybercrime supply chain is already optimized for scale
AI lands in an environment already shaped by specialization. Modern cybercrime is not a single attacker typing commands from beginning to end. It is an economy.
There are malware developers, phishing-kit sellers, initial access brokers, bulletproof hosting providers, residential proxy suppliers, ransomware affiliates, negotiators, data leak site operators, money launderers, mule networks, and reputation systems inside underground forums. Europol’s IOCTA 2026 describes a cybercrime environment supported by fragmented dark web markets, resilient forums, encryption, proxies, and AI-enabled tooling.
AI therefore does not need to create the criminal market. The market already exists. AI increases the productivity of several roles inside it.
For low-skill actors, AI lowers the entry barrier. They can generate plausible lures, understand stolen tools, debug scripts, configure infrastructure, and imitate support workflows. For mid-skill actors, AI increases throughput. They can test more variants, create more convincing pretexts, and automate repetitive tasks. For advanced actors, AI may support vulnerability research, code review, exploit adaptation, and operational analysis, although real-world evidence for fully autonomous exploitation remains more limited than speculative commentary suggests.
OpenAI’s threat reporting describes a recurrent pattern: malicious actors attach AI to existing playbooks to move faster, rather than obtaining fundamentally novel offensive capability from the model itself. Google Cloud’s M-Trends 2026 executive material makes a similar operational point from the defender’s perspective: adversaries are looking for opportunities to weaponize AI, exploit edge-device zero-days, and transfer access between initial-access partners and cybercrime groups.
This is the sober interpretation. AI is not magic. It is labor compression.
Vulnerability management after the NVD update
The NVD update creates an immediate governance problem for security teams. Many organizations still use vulnerability management as a scanner-driven queue: import CVEs, sort by CVSS, assign tickets, patch according to severity. That model was always weak. It becomes weaker when public enrichment is selective.
A better model is risk-based and evidence-driven.
The enterprise should treat NVD as one evidence source, not as the risk oracle. A CVE affecting an internet-facing identity provider, VPN concentrator, remote monitoring platform, firewall, ERP integration layer, or CI/CD system may deserve immediate treatment even before NVD enrichment is complete. Conversely, a high-score vulnerability in an unreachable component with strong compensating controls may be less urgent than a medium-score vulnerability actively exploited in the wild.
CISA’s KEV catalog becomes especially important in this model because it records vulnerabilities known to have been exploited in the wild and is explicitly intended to help organizations manage vulnerabilities and prioritize remediation. But KEV is also not sufficient. It is a confirmed-exploitation signal, not a complete prediction mechanism. Waiting for KEV inclusion may be too late for high-exposure assets.
The practical priority stack should therefore combine known exploitation, public exploit availability, internet reachability, asset criticality, identity privilege, lateral movement potential, data sensitivity, vendor patch maturity, compensating controls, and business continuity impact.
This changes the role of vulnerability management from patch administration to operational risk computation.
AI also increases the cost of being slow
The NVD update and AI-enabled attack scaling converge on one operational fact: latency is becoming more expensive.
In the past, many enterprises implicitly relied on delay. Disclosure happened, scanning happened later, exploit maturity took time, ticket queues formed, maintenance windows arrived, and eventually remediation occurred. That process was never ideal, but it often survived because attackers also had finite labor.
AI-assisted workflows reduce that implicit buffer. They can help adversaries monitor disclosures, summarize technical write-ups, generate detection-bypass variants, create exploit-adjacent tooling, draft lures targeting affected organizations, and scale scanning or credential attacks. Google Cloud’s M-Trends 2026 notes that exploits remained the most common initial infection vector in its 2025 investigations, at 32%, and that adversaries are focusing on AI weaponization opportunities, edge devices, and hand-offs between initial-access partners and cybercrime groups.
One should be careful with vendor telemetry because it is not the same as a neutral census of the internet. Still, it is consistent with the broader direction reported by ENISA, Microsoft, Google Mandiant, Europol, OpenAI, and the International AI Safety Report: the dominant near-term effect of AI is acceleration, scale, and lower operational cost.
The defender must therefore compete on time. This does not mean patch everything immediately. That is impossible. It means the organization must be able to decide quickly and correctly which few things must be handled immediately.
What enterprises should change
The first change is semantic. A vulnerability-management program should not ask, “How many critical CVEs do we have?” as its primary question. It should ask, “Which exploitable weaknesses create material business risk in our actual environment?”
The second change is architectural. Asset inventory, software inventory, identity inventory, external attack-surface management, endpoint telemetry, cloud posture, and threat intelligence must converge. A scanner without asset context creates noise. Threat intelligence without topology creates anxiety. Asset inventory without exploit intelligence creates false calm.
The third change is procedural. Remediation SLAs should not be based only on CVSS. They should incorporate exploitation evidence, exposure, business criticality, and compensating controls. KEV-listed vulnerabilities on externally reachable or privileged systems should trigger emergency governance. Vulnerabilities in edge devices, identity systems, backup infrastructure, remote access systems, and administrative platforms should receive special treatment because they often determine the attacker’s ability to enter, persist, or recover after partial remediation.
The fourth change is economic. Enterprises should assume that attackers are continuously reducing their unit cost. Defensive workflows that remain manual, ticket-heavy, and fragmented will lose against adversaries that automate reconnaissance, content generation, infrastructure rotation, and exploit adaptation. The answer is not blind automation. It is controlled automation: machine-speed enrichment, human approval for high-impact actions, pre-approved emergency playbooks, and continuous validation of exposure.
The fifth change is epistemic. The security team must explicitly mark unknowns. A CVE without NVD enrichment is not safe. A product without an SBOM is not understood. A SaaS integration without ownership is not governed. A remote access appliance without telemetry is not monitored. An AI tool embedded into development or operations without threat modeling is not merely a productivity tool; it is a new trust boundary.
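As an added illustration of the priority stack described above (known exploitation and reachability before the abstract CVSS number) and of the rule that a CVE without NVD enrichment is an unknown rather than an implicit low, the following Python is example code written for this article, not NIST, CISA or any vendor’s tooling. The field names, tier thresholds and the sample findings are constructed assumptions.

```python
"""Evidence-driven CVE triage that does not depend on complete NVD enrichment."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional

@dataclass
class Finding:
    cve: str                      # constructed placeholder id, not a real CVE
    asset: str
    nvd_enriched: bool            # has NVD attached CVSS/CPE metadata yet?
    cvss: Optional[float]         # None while enrichment is pending
    in_kev: bool                  # listed in CISA KEV: confirmed in-the-wild exploitation
    public_exploit: bool          # vendor advisory or exploit intel reports a public PoC
    internet_facing: bool         # reachable from the internet per attack-surface inventory
    privileged: bool              # identity, admin, backup, remote-access or CI/CD system
    criticality: str              # "high" | "medium" | "low" from the business inventory
    compensating_controls: bool   # verified isolation, feature disabled, WAF rule, etc.

EMERGENCY, URGENT, UNKNOWN, SCHEDULED = "emergency", "urgent", "unknown", "scheduled"
TIER_RANK = {EMERGENCY: 0, URGENT: 1, UNKNOWN: 2, SCHEDULED: 3}

def triage(f: Finding) -> tuple[str, str]:
    """Return (tier, reason). Evidence is consulted in the article's order:
    confirmed exploitation and reachability first, the abstract CVSS score last."""
    exposed = f.internet_facing or f.privileged
    # 1. KEV on a reachable or privileged asset triggers emergency governance,
    #    whether or not NVD has scored it.
    if f.in_kev and exposed:
        return EMERGENCY, "KEV-listed on internet-facing or privileged asset"
    # 2. Any exploitation evidence on an exposed or business-critical asset is urgent,
    #    unless a verified compensating control buys time for a scheduled fix.
    if (f.in_kev or f.public_exploit) and (exposed or f.criticality == "high"):
        if f.compensating_controls:
            return SCHEDULED, "exploit evidence, but compensating control verified"
        return URGENT, "exploit evidence on exposed or critical asset"
    # 3. Pending enrichment is an explicit unknown, never a silent 'low'. Exposed
    #    high-value assets are assessed locally now; the rest are queued for analysis.
    if not f.nvd_enriched or f.cvss is None:
        if exposed and f.criticality == "high":
            return URGENT, "unenriched CVE on exposed critical asset: assess before NVD does"
        return UNKNOWN, "awaiting NVD enrichment or local analysis"
    # 4. Only now does severity decide, and only together with exposure context.
    if f.cvss >= 9.0 and exposed and not f.compensating_controls:
        return URGENT, f"CVSS {f.cvss} on exposed asset without compensating controls"
    return SCHEDULED, f"CVSS {f.cvss}, exposed={exposed}, controls={f.compensating_controls}"

def work_queue(findings: list[Finding]) -> list[tuple[str, str, str]]:
    """Stable ordering by tier: (cve, tier, reason), most urgent first."""
    ordered = sorted(findings, key=lambda f: TIER_RANK[triage(f)[0]])
    return [(f.cve, *triage(f)) for f in ordered]

# Constructed sample findings (argument order follows the dataclass fields).
SAMPLE = [
    Finding("CVE-0000-0001", "vpn-concentrator",   True,  7.2,  True,  True,  True,  True,  "high",   False),
    Finding("CVE-0000-0002", "internal-batch-lib", True,  9.8,  False, False, False, False, "low",    True),
    Finding("CVE-0000-0003", "customer-portal",    True,  6.5,  False, True,  True,  False, "high",   False),
    Finding("CVE-0000-0004", "identity-provider",  False, None, False, False, True,  True,  "high",   False),
    Finding("CVE-0000-0005", "dev-wiki",           False, None, False, False, False, False, "medium", False),
]

if __name__ == "__main__":
    for cve, tier, reason in work_queue(SAMPLE):
        print(f"{tier:10} {cve}  {reason}")
```

Note that the CVSS 9.8 finding lands last and the unscored identity-provider finding lands in the urgent tier: the score is consulted only after exploitation evidence, exposure and enrichment state have been considered.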
Conclusion
NIST’s NVD update is not a retreat from vulnerability management. It is a public acknowledgment that vulnerability intelligence has become a scale problem. The number of disclosed defects is growing, the software supply chain is expanding, attackers are industrialized, and AI is lowering the marginal cost of several offensive tasks.
The correct enterprise response is not panic. It is a more formal model of risk.
A CVE is a name. NVD enrichment is context. KEV is evidence of exploitation. CVSS is severity under an abstract scoring system. None of these, alone, is enterprise risk. Enterprise risk is computed from exploitability, exposure, asset value, adversary motive, control effectiveness, and operational resilience.
AI does not invalidate that model. It makes it more urgent. When attackers can produce more attempts at lower cost, defenders cannot rely on slow queues, static scores, and incomplete inventories. They need vulnerability management that behaves less like clerical patch administration and more like a real-time decision system.
The NVD has moved toward triage because it had to. Enterprises should do the same, but with their own assets, their own exposure, and their own business impact at the center.