When Vulnerability Databases Become Triage Systems

NIST’s NVD update, record CVE growth, and the economics of AI-scaled cyberattacks

An analysis of NIST’s 2026 NVD update, record CVE growth, AI-scaled vulnerability discovery, and the shift from CVSS-driven patch queues to enterprise-specific cyber-risk triage.
cybersecurity
machine learning
🇬🇧
Author

Antonio Montano

Published

May 22, 2026

Modified

May 23, 2026

Abstract

This article analyzes NIST’s April 2026 update to the National Vulnerability Database as a structural signal in the evolution of vulnerability management. Its central thesis is that the public vulnerability-management ecosystem has crossed a scale threshold. The issue is not simply that more CVEs are being published, nor merely that NIST changed an operational process. The deeper issue is that the global production of disclosed vulnerabilities has exceeded the realistic capacity of centralized enrichment systems. As NIST moves toward prioritized enrichment, enterprises can no longer treat NVD metadata as a complete, uniformly available, and sufficient decision layer for remediation.

The article begins from a first-principles distinction between a vulnerability name and an enterprise risk decision. A CVE identifier names a publicly disclosed weakness so that vendors, researchers, defenders, scanners, regulators, and operators can refer to the same defect without ambiguity. But a CVE does not determine whether the defect is exploitable in a specific environment, reachable from an attacker-controlled path, present on a business-critical asset, attractive to adversaries, mitigated by compensating controls, or urgent enough to interrupt ordinary change windows. NVD enrichment adds important decision-support metadata, including severity scores, affected product mappings, weakness classifications and references, but even this enrichment is not equivalent to risk.

The NVD update is therefore interpreted as an institutional acknowledgment that vulnerability intelligence has become a triage problem. According to the article, NIST reported a 263 percent increase in CVE submissions between 2020 and 2025, and submissions in the first three months of 2026 were almost one third higher than in the same period of the previous year. NIST also enriched nearly 42,000 CVEs in 2025, 45 percent more than in any previous year, yet this increased throughput still did not keep pace with the volume of new records. The consequence is selective enrichment: CVEs in CISA’s Known Exploited Vulnerabilities catalog, CVEs affecting software used by the U.S. federal government, and CVEs affecting critical software receive priority, while other CVEs may be listed without immediate enrichment.

This change breaks a weak but common enterprise assumption. Many organizations have implicitly treated NVD-derived data as if it were the authoritative risk context for their patching workflow. A scanner imports CVEs, maps them to assets, assigns CVSS-based severities, and produces remediation tickets. That model was always incomplete, but it becomes more fragile when public enrichment is delayed or selective. The vulnerability still exists even if the public metadata is incomplete. Absence of immediate NVD enrichment must not be read as absence of exploitability, exposure, adversary interest, or business risk.

The article then explains what NVD enrichment actually gives defenders and why its limits matter. NVD, CVE, CVSS, CPE, CWE and related metadata provide a shared technical language and a partial decision substrate. They help tools identify affected software, characterize severity, connect references, and automate parts of vulnerability management. But enterprise risk emerges only when several local variables intersect: software defect, deployment context, reachability, identity exposure, asset value, business process criticality, adversary motive, available exploit paths, compensating controls, detection coverage, operational resilience and patch feasibility. A public database can help describe the defect; it cannot know the enterprise topology.

The article’s first-principles model is that risk is relational, not intrinsic. Software contains defects. Some defects are exploitable under specific technical conditions. Some exploitable defects are reachable in a given enterprise environment. Some reachable defects are useful to adversaries because they reduce the cost of achieving theft, extortion, persistence, disruption, fraud, espionage or lateral movement. Some affected assets matter more than others because they support identity, remote access, backup, production, customer data, payments, safety, cloud control planes, CI/CD pipelines, or operational technology. Risk arises from this intersection, not from the CVE record alone.

The article rejects the superficial explanation that CVE growth is only a measurement artifact. Improved reporting matters: more vendors disclose, more researchers file CVEs, more open-source projects participate, SBOM practices make dependencies more visible, and vulnerability-reporting processes are more institutionalized. But reporting is only part of the story. The vulnerability discovery function itself is changing. Manual code review, reverse engineering, exploit research, fuzzing design, crash triage and proof-of-concept validation have historically depended on scarce expert labor. Automated scanners and fuzzers already weakened that constraint. Machine learning and large language models weaken it further.

AI and machine-learning systems can assist vulnerability discovery by searching large codebases, ranking suspicious functions, generating test cases, guiding fuzzing campaigns, summarizing crash traces, explaining unfamiliar code, comparing vulnerable and patched versions, and producing candidate fixes or proofs of reachability. This does not mean that every machine-generated finding is valid. It means the marginal cost of generating candidate vulnerabilities is falling. When the cost of discovery falls, the number of disclosed, submitted, duplicated, disputed and eventually confirmed vulnerabilities rises. Public databases, vendors, maintainers, bug-bounty programs and enterprise security teams must then triage a larger flow of signals.

At the same time, the protected object has become more complex. Modern enterprises are not defended as a few servers behind a perimeter. They consist of cloud platforms, SaaS integrations, APIs, identity providers, CI/CD pipelines, open-source dependencies, mobile applications, edge devices, OT gateways, remote-access appliances, containers, Kubernetes clusters, AI services, third-party processors, managed services and vendor-controlled platforms. Each element has its own update rhythm, dependency graph, privilege model, exposure pattern and failure mode. The number of possible failure points grows faster than the number of systems that a human operator can inspect manually.

The article therefore reads vulnerability growth as the convergence of three pressures: better disclosure, expanding digital attack surface and machine-assisted discovery. This convergence changes the economics of defense. Vulnerability management can no longer be a clerical queue that waits for fully enriched records and then patches according to generic severity. It must become an analytical function that computes which defects matter in a specific environment under specific adversary conditions.

The article then shifts to adversary economics. Cybercriminal groups, initial access brokers, state-nexus actors, state-aligned proxies, hacktivists, insiders, deceptive contractors, scammers and fraud networks differ in motive, target selection, persistence and tolerance for noise. For enterprise risk, these differences matter. A ransomware group wants monetizable disruption. An initial access broker wants tradable footholds. A state-nexus actor may accept higher cost for geopolitical value. A fraud network wants persuasion at scale. But despite different motives, the enabling economics converge: every actor benefits from lower reconnaissance cost, cheaper content generation, faster payload adaptation, better translation, reusable infrastructure, credential markets, access brokerage and automation.

This is where the article introduces its sober reading of AI in cyber operations. The strongest near-term claim is not that fully autonomous end-to-end cyberattacks have become the dominant real-world pattern. The stronger claim is narrower and more operationally important: AI lowers the marginal cost of familiar attack steps. It can assist reconnaissance, phishing, translation, personalization, fake persona generation, script writing, exploit-code explanation, payload adaptation, infrastructure configuration, vulnerability research and analysis of stolen or open-source data. AI changes the production function before it changes the attack class.

The article formalizes this through a simple economic intuition. If an attack campaign’s profit depends on targets, conversion rate, value per success and operational cost, then AI is dangerous because it can increase target volume, improve personalization, reduce language and coding constraints, accelerate iteration and reduce labor per attempt. Even if conversion rates do not improve dramatically, lower unit cost and higher throughput can increase aggregate harm. AI-assisted phishing matters not because it is conceptually novel, but because acceptable-quality deception becomes cheap, multilingual, personalized and continuous.

The article also places AI inside an already industrialized cybercrime supply chain. Modern cybercrime is not usually a lone attacker conducting every step manually. It is a specialized economy with malware developers, phishing-kit sellers, initial access brokers, bulletproof hosting providers, residential proxy suppliers, ransomware affiliates, negotiators, data leak operators, money launderers, mule networks and reputation systems. AI does not need to create this market. It increases the productivity of roles that already exist. Low-skill actors get assistance with lures, scripts and infrastructure. Mid-skill actors increase throughput. Advanced actors may accelerate vulnerability research, code review, exploit adaptation and operational analysis.

The consequence for defenders is that latency becomes more expensive. In earlier operating conditions, enterprises often survived slow remediation workflows because attackers also had finite labor. Disclosure happened, scanners updated, tickets accumulated, maintenance windows arrived and remediation eventually occurred. This was never robust, but delay sometimes worked because weaponization and targeting were constrained. AI-assisted workflows reduce that implicit buffer by helping adversaries monitor disclosures, summarize technical write-ups, create exploit-adjacent tooling, draft targeted lures, scale scanning and adapt attacks faster. The defender must therefore compete on decision speed, not by patching everything immediately, which is impossible, but by knowing which few things require immediate action.

The article’s proposed model is risk-based and evidence-driven vulnerability management. Public CVE data, NVD enrichment, vendor advisories, CISA KEV, exploit intelligence, asset inventory, software and dependency inventories, internet exposure, identity and privilege exposure, business criticality, compensating controls and operational resilience must converge into one decision process. A vulnerability affecting an internet-facing identity provider, VPN concentrator, firewall, ERP integration layer, CI/CD platform, backup system or remote monitoring appliance may require emergency treatment even before NVD enrichment is complete. Conversely, a high-CVSS vulnerability in an unreachable component with strong compensating controls may be less urgent than a medium-severity vulnerability actively exploited in the wild.

CISA KEV receives special attention because it records vulnerabilities known to have been exploited in the wild and is designed to support prioritization. But the article is careful not to turn KEV into another oracle. KEV is evidence of confirmed exploitation, not a complete prediction system. Waiting for KEV inclusion may be too slow for highly exposed assets. The practical priority stack must therefore combine known exploitation, public exploit availability, internet reachability, asset criticality, identity privilege, lateral movement potential, data sensitivity, vendor patch maturity, compensating controls and business-continuity impact.

The enterprise changes required by this model are organized into five layers. The first is semantic. Vulnerability management should not primarily ask how many critical CVEs exist. It should ask which exploitable weaknesses create material business risk in the actual environment. The second is architectural. Asset inventory, software inventory, identity inventory, external attack-surface management, endpoint telemetry, cloud posture and threat intelligence must converge. A scanner without asset context creates noise. Threat intelligence without topology creates anxiety. Asset inventory without exploit intelligence creates false calm.

The third change is procedural. Remediation SLAs should not be based only on CVSS. They should incorporate exploitation evidence, exposure, business criticality and compensating controls. KEV-listed vulnerabilities on externally reachable or privileged systems should trigger emergency governance. Vulnerabilities in edge devices, identity systems, backup infrastructure, remote-access systems and administrative platforms should receive special treatment because these assets often determine whether an attacker can enter, persist, escalate or recover access after partial remediation.

The fourth change is economic. Enterprises must assume that attackers are continuously reducing their unit cost. Defensive workflows that remain manual, ticket-heavy, fragmented and dependent on delayed public metadata will lose against adversaries that automate reconnaissance, content generation, infrastructure rotation and exploit adaptation. The answer is not blind automation. It is controlled automation: machine-speed enrichment, pre-approved emergency playbooks, continuous exposure validation and human approval for high-impact remediation actions.

The fifth change is epistemic. Security teams must explicitly mark unknowns instead of treating missing metadata as safety. A CVE without NVD enrichment is not safe. A product without an SBOM is not understood. A SaaS integration without ownership is not governed. A remote-access appliance without telemetry is not monitored. An AI tool embedded into development or operations without threat modeling is not merely a productivity tool; it is a new trust boundary. Mature vulnerability management must therefore include uncertainty management, not only ticket management.

The conclusion is that NIST’s NVD update is not a retreat from vulnerability management. It is a public acknowledgment that vulnerability intelligence has become a scale problem. The number of disclosed defects is growing, the software supply chain is expanding, attackers are industrialized, and AI is lowering the marginal cost of offensive subtasks. The correct enterprise response is neither panic nor passive dependence on public databases. It is a formal risk model.

A CVE is a name. NVD enrichment is context. KEV is evidence of exploitation. CVSS is severity under an abstract scoring system. None of these alone is enterprise risk. Enterprise risk must be computed from exploitability, exposure, asset value, adversary motive, control effectiveness and operational resilience. AI does not invalidate this model; it makes it more urgent. When attackers can produce more attempts at lower cost, defenders cannot rely on slow queues, static scores and incomplete inventories. Vulnerability management must become less like clerical patch administration and more like a real-time governance and triage system centered on the enterprise’s own assets, own exposure and own business impact.

An analysis of NIST’s 2026 NVD update, record CVE growth, AI-scaled vulnerability discovery, and the shift from CVSS-driven patch queues to enterprise-specific cyber-risk triage.

A database under pressure

NIST’s April 2026 update to the National Vulnerability Database should not be read as an administrative detail. It is a signal that the public vulnerability ecosystem has crossed a scaling threshold. The old implicit model was simple: every CVE record could be ingested, analyzed, enriched, scored, mapped to affected products, and made usable for prioritization by a central public infrastructure. That model was already strained. NIST has now made the constraint explicit.

According to NIST, CVE submissions increased by 263% between 2020 and 2025, and submissions in the first three months of 2026 were almost one third higher than in the same period of the previous year. NIST also states that it enriched nearly 42,000 CVEs in 2025, 45% more than in any previous year, yet that increased throughput was still insufficient to keep pace with the volume of new vulnerability records.1

The operational consequence is direct. NIST will continue to add submitted CVEs to the NVD, but it will no longer attempt to immediately enrich all of them. Instead, enrichment will be prioritized for CVEs that appear in CISA’s Known Exploited Vulnerabilities catalog, CVEs affecting software used within the U.S. federal government, and CVEs affecting critical software as defined under Executive Order 14028.2 Other CVEs may still be listed, but they can be categorized as lowest priority and not scheduled for immediate enrichment.

This is a rational triage response to a capacity constraint. It is also a structural warning to enterprises: the presence of a CVE identifier is no longer enough, and the absence of immediate NVD enrichment must not be interpreted as absence of risk.

What NVD enrichment actually gives defenders

The distinction matters because a CVE is not a risk assessment. A CVE identifier is a naming mechanism for a publicly disclosed vulnerability. It allows actors to refer to the same defect without ambiguity. The NVD enrichment layer adds practical decision support: severity scores, affected product mappings, weakness classifications, references, and other metadata that vulnerability-management tools use to rank remediation work.

That enrichment layer has become infrastructural. Patch-management dashboards, software composition analysis tools, security scanners, risk registers, and compliance reports often depend on NVD-derived metadata. When enrichment is delayed or selective, downstream systems receive less context. The vulnerability still exists, but the machine-readable signal used to prioritize it may be incomplete.

The first-principles view is therefore simple: software contains defects; some defects are exploitable under specific technical conditions; some exploitable defects are reachable in a given environment; some reachable defects are attractive to adversaries because they reduce the cost of achieving an objective; risk emerges only when vulnerability, exposure, asset value, adversary intent, and defensive control failure intersect.

A public database can help with defect naming and part of technical characterization. It cannot, by itself, determine enterprise exposure, business impact, adversary interest, compensating control effectiveness, or operational urgency. Those variables are local.

%%{init: {"theme": "neo", "look": "handDrawn", "layout": "elk"}}%%

flowchart TD
    A[Public CVE record] --> B[NVD or vendor enrichment]
    B --> C[Scanner / SCA / vulnerability-management platform]
    C --> D[Enterprise asset context]
    D --> E[Exposure and exploitability analysis]
    E --> F[Business impact and compensating controls]
    F --> G[Patch, mitigate, accept, or monitor]

    H[CISA KEV / exploit intelligence] --> E
    I[Threat actor activity] --> E
    J[Internet exposure / identity exposure] --> E
Figure 1: From public vulnerability record to enterprise remediation decision.

NIST’s update formalizes what mature security teams already know: vulnerability management cannot be outsourced to a public score. CVSS is useful, but it is not risk. CPE mapping is useful, but it is not asset exposure. KEV status is powerful, but it is not the full universe of exploitable risk. The enterprise must combine public vulnerability intelligence with internal topology, identity state, internet exposure, software inventory, compensating controls, and business criticality.

Why CVE growth is not just a measurement problem

One superficial interpretation would be that CVE volume is rising merely because reporting has improved. That is partly true. More vendors disclose, more researchers file, more open-source projects participate, software bill-of-material practices make dependencies more visible, and vulnerability-reporting channels have become more institutionalized.

But this is not only a reporting effect. The discovery function itself is changing.

Historically, vulnerability discovery was constrained by scarce human expertise. Manual code review, reverse engineering, exploit research, fuzzing campaign design, crash triage, and proof-of-concept validation required specialized operators and significant time. Automated scanners and fuzzers already weakened that constraint, but machine learning and, more recently, large language models change it further. They make it easier to search large codebases, rank suspicious functions, generate test cases, guide fuzzing, summarize crash traces, explain unfamiliar code, compare vulnerable and patched versions, and produce candidate fixes or proofs of reachability.

This does not mean that every machine-generated finding is valid. Quite the contrary: automated discovery increases both signal and noise. It can produce real vulnerabilities, duplicate findings, low-quality reports, false positives, and findings that are technically interesting but operationally irrelevant. The important point is that the cost of generating candidate vulnerabilities is falling. When the cost of discovery falls, the number of disclosed, submitted, disputed, duplicated, and eventually confirmed vulnerabilities rises.

Recent AI-security research and public initiatives make this shift visible. DARPA’s AI Cyber Challenge was explicitly designed around AI systems that discover and patch vulnerabilities in real-world software, and its results showed that AI-driven cyber reasoning systems can operate at a scale and speed that would not be realistic for purely manual analysis.3 The broader research literature on AI-based software vulnerability detection describes the movement from traditional static analysis and rule-based matching toward machine-learning and deep-learning techniques able to learn representations of vulnerable code patterns.4 In practical terms, this means that vulnerability discovery is becoming less artisanal and more computational.

The attack surface has expanded at the same time. Enterprise systems now consist of cloud platforms, SaaS integrations, APIs, identity providers, CI/CD pipelines, open-source dependencies, mobile apps, edge devices, OT gateways, remote access appliances, containers, Kubernetes clusters, AI services, and third-party data processors. Each component has its own update cycle, dependency graph, privilege model, and exposure pattern. The number of possible failure points grows faster than the number of systems visible to a human operator.

The defender’s problem is therefore double. First, the object being defended has become more complex. Second, the mechanisms for finding defects in that object have become more automated. A vulnerability is not a single object; it is a relation among code, configuration, deployment context, identity, reachability, data sensitivity, adversary capability, and now also machine-assisted discovery. The more software-defined the enterprise becomes, the more this relation must be computed rather than manually inspected.

This is the deeper meaning of the NVD update. Public vulnerability infrastructure is being forced into triage because the global defect-disclosure pipeline is growing faster than manual enrichment capacity. Better reporting explains part of the volume. A larger attack surface explains another part. But the decisive new pressure is that vulnerability discovery itself is becoming machine-assisted. The same automation that helps defenders find and patch defects also increases the number of findings that public databases, vendors, maintainers, bug-bounty programs, and enterprise security teams must triage.

At the same time, attackers are being given better automation. The two trends meet in the same place: the window between discovery, disclosure, weaponization, detection, and remediation is shrinking.

Threat actors differ, but attack economics converges

Cybersecurity discussions often group adversaries by technical sophistication. For enterprise risk, that is insufficient. Motivation determines target selection, persistence, monetization, and tolerance for noise.

A simplified but useful classification is the following.

Actor category Primary motive Typical objective Economic logic
Cybercriminal groups Financial gain Ransomware, extortion, fraud, credential theft, data theft Maximize return per intrusion and scale repeatable playbooks
Initial access brokers Financial gain Sell access to compromised networks Convert technical access into a tradable commodity
State-nexus actors Espionage, pre-positioning, strategic advantage Intelligence collection, long-term access, influence, disruption Accept higher cost when geopolitical value is high
State-aligned or proxy actors Strategic alignment, deniability, influence Disruption, harassment, political signaling, espionage support Blend state interest with criminal or ideological infrastructure
Hacktivists Ideological or geopolitical signaling DDoS, website defacement, data leaks, publicity operations Maximize visibility at low cost
Insiders and deceptive contractors Financial gain, coercion, state tasking, grievance Data theft, sabotage, covert access, revenue generation Exploit legitimate access and trust boundaries
Scammers and fraud networks Financial gain Business email compromise, romance scams, fake hiring, payment diversion Scale persuasion and personalization

The categories differ, but the economics increasingly converge. Every actor benefits from lower reconnaissance cost, cheaper content generation, faster payload adaptation, better translation, automated infrastructure rotation, reusable malware kits, credential markets, and access brokerage. Even when the end goals differ, the enabling layer is becoming more industrial.

Microsoft’s 2025 Digital Defense Report states that financially motivated activity dominates its observed landscape, with extortion, ransomware, and data theft as primary attack motivations, while espionage accounts for only 4% of attacks when motivation is identifiable.5 Google Cloud’s Mandiant M-Trends 2025 report similarly reported that 55% of threat groups active in 2024 were financially motivated, while 8% were motivated by espionage.6

The implication is not that espionage is irrelevant. It is that most enterprise compromises are economically driven, while high-value sectors must also assume strategic targeting. A manufacturer, utility, financial institution, public administration body, cloud provider, or software vendor may be interesting both to criminals and to state actors, but for different reasons.

AI changes the cost curve before it changes the attack class

The most important effect of AI is not necessarily that it creates entirely new cyberattack categories. The stronger current claim is narrower and more defensible: AI lowers the marginal cost of existing attack steps.

A cyber operation can be decomposed into tasks.

%%{init: {"theme": "neo", "look": "handDrawn", "layout": "elk"}}%%

flowchart TD
    A[Reconnaissance] --> B[Vulnerability identification]
    B --> C[Weaponization or payload adaptation]
    C --> D[Delivery]
    D --> E[Execution]
    E --> F[Persistence and privilege]
    F --> G[Command, control, and lateral movement]
    G --> H[Objective: theft, extortion, disruption, influence]

    I[AI assistance] --> A
    I --> B
    I --> C
    I --> D
    I --> G
Figure 2: AI-assisted cyber operations as cost compression across the attack chain.

AI can assist at several points in this chain. It can draft phishing lures, translate them, personalize them, generate fake personas, summarize leaked documents, write scripts, explain exploit code, adapt malware templates, generate infrastructure configuration, support vulnerability discovery, and help operators search large volumes of stolen or open-source data.

This does not mean that fully autonomous end-to-end cyberattacks are already the dominant real-world pattern. The International AI Safety Report 2026 is careful on this point: general-purpose AI systems can assist cyberattacks, identify software vulnerabilities, and write malicious code, but fully autonomous end-to-end cyberattacks have not been reported in the real world.7 The same report emphasizes the present relevance of human-AI collaboration: humans still provide strategic guidance, decompose operations, and intervene when systems fail, while AI systems automate technical subtasks.8

That distinction is crucial. The threat is not a Hollywood model of an autonomous hacker-agent replacing adversaries overnight. The threat is a production-function change.

If an attack campaign can be represented as:

\text{profit} = (\text{targets} \times \text{conversion rate} \times \text{value per success}) - \text{operational cost}

then AI is dangerous because it can increase the number of targets, improve personalization, reduce language and coding constraints, accelerate iteration, and reduce labor per attempt. Even if the conversion rate remains constant, lower unit cost and higher throughput are enough to change the aggregate risk.

This is why AI-assisted phishing matters even when it is technically mundane. It does not need to be brilliant. It only needs to make acceptable-quality deception cheap, multilingual, personalized, and continuous.

ENISA’s Threat Landscape 2025 describes phishing as the dominant intrusion vector and reports that vulnerability exploitation remained a cornerstone of initial access at 21.3%. It also states that, by early 2025, AI-supported phishing campaigns reportedly represented more than 80% of observed social-engineering activity worldwide.9

That is precisely the economic compression defenders must understand. AI does not need to invent new physics. It only needs to reduce the cost of exploiting old weaknesses.

The cybercrime supply chain is already optimized for scale

AI lands in an environment already shaped by specialization. Modern cybercrime is not a single attacker typing commands from beginning to end. It is an economy.

There are malware developers, phishing-kit sellers, initial access brokers, bulletproof hosting providers, residential proxy suppliers, ransomware affiliates, negotiators, data leak site operators, money launderers, mule networks, and reputation systems inside underground forums. Europol’s IOCTA 2026 describes a cybercrime environment supported by fragmented dark web markets, resilient forums, encryption, proxies, and AI-enabled tooling.10

AI therefore does not need to create the criminal market. The market already exists. AI increases the productivity of several roles inside it.

For low-skill actors, AI lowers the entry barrier. They can generate plausible lures, understand stolen tools, debug scripts, configure infrastructure, and imitate support workflows. For mid-skill actors, AI increases throughput. They can test more variants, create more convincing pretexts, and automate repetitive tasks. For advanced actors, AI may support vulnerability research, code review, exploit adaptation, and operational analysis, although real-world evidence for fully autonomous exploitation remains more limited than speculative commentary suggests.

OpenAI’s threat reporting describes a recurrent pattern: malicious actors attach AI to existing playbooks to move faster, rather than obtaining fundamentally novel offensive capability from the model itself.11 Google Cloud’s M-Trends 2026 executive material makes a similar operational point from the defender’s perspective: adversaries are looking for opportunities to weaponize AI, exploit edge-device zero-days, and transfer access between initial-access partners and cybercrime groups.12

This is the sober interpretation. AI is not magic. It is labor compression.

Vulnerability management after the NVD update

The NVD update creates an immediate governance problem for security teams. Many organizations still use vulnerability management as a scanner-driven queue: import CVEs, sort by CVSS, assign tickets, patch according to severity. That model was always weak. It becomes weaker when public enrichment is selective.

A better model is risk-based and evidence-driven.

%%{init: {"theme": "neo", "look": "handDrawn", "layout": "elk"}}%%

flowchart LR
    A[Asset inventory] --> R[Risk decision]
    B[Software and dependency inventory] --> R
    C[NVD / CVE / vendor advisories] --> R
    D[CISA KEV and exploit intelligence] --> R
    E[External attack surface] --> R
    F[Identity and privilege exposure] --> R
    G[Business criticality] --> R
    H[Compensating controls] --> R

    R --> P1[Emergency remediation]
    R --> P2[Scheduled patch]
    R --> P3[Temporary mitigation]
    R --> P4[Detection rule / monitoring]
    R --> P5[Accepted residual risk]
Figure 3: Risk-based vulnerability management after selective public enrichment.

The enterprise should treat NVD as one evidence source, not as the risk oracle. A CVE affecting an internet-facing identity provider, VPN concentrator, remote monitoring platform, firewall, ERP integration layer, or CI/CD system may deserve immediate treatment even before NVD enrichment is complete. Conversely, a high-score vulnerability in an unreachable component with strong compensating controls may be less urgent than a medium-score vulnerability actively exploited in the wild.

CISA’s KEV catalog becomes especially important in this model because it records vulnerabilities known to have been exploited in the wild and is explicitly intended to help organizations manage vulnerabilities and prioritize remediation.13 But KEV is also not sufficient. It is a confirmed-exploitation signal, not a complete prediction mechanism. Waiting for KEV inclusion may be too late for high-exposure assets.

The practical priority stack should therefore combine known exploitation, public exploit availability, internet reachability, asset criticality, identity privilege, lateral movement potential, data sensitivity, vendor patch maturity, compensating controls, and business continuity impact.

This changes the role of vulnerability management from patch administration to operational risk computation.

AI also increases the cost of being slow

The NVD update and AI-enabled attack scaling converge on one operational fact: latency is becoming more expensive.

In the past, many enterprises implicitly relied on delay. Disclosure happened, scanning happened later, exploit maturity took time, ticket queues formed, maintenance windows arrived, and eventually remediation occurred. That process was never ideal, but it often survived because attackers also had finite labor.

AI-assisted workflows reduce that implicit buffer. They can help adversaries monitor disclosures, summarize technical write-ups, generate detection-bypass variants, create exploit-adjacent tooling, draft lures targeting affected organizations, and scale scanning or credential attacks. Google Cloud’s M-Trends 2026 notes that exploits remained the most common initial infection vector in its 2025 investigations, at 32%, and that adversaries are focusing on AI weaponization opportunities, edge devices, and hand-offs between initial-access partners and cybercrime groups.14

One should be careful with vendor telemetry because it is not the same as a neutral census of the internet. Still, it is consistent with the broader direction reported by ENISA, Microsoft, Google Mandiant, Europol, OpenAI, and the International AI Safety Report: the dominant near-term effect of AI is acceleration, scale, and lower operational cost.

The defender must therefore compete on time. This does not mean patch everything immediately. That is impossible. It means the organization must be able to decide quickly and correctly which few things must be handled immediately.

What enterprises should change

The first change is semantic. A vulnerability-management program should not ask, How many critical CVEs do we have? as its primary question. It should ask, Which exploitable weaknesses create material business risk in our actual environment?

The second change is architectural. Asset inventory, software inventory, identity inventory, external attack-surface management, endpoint telemetry, cloud posture, and threat intelligence must converge. A scanner without asset context creates noise. Threat intelligence without topology creates anxiety. Asset inventory without exploit intelligence creates false calm.

The third change is procedural. Remediation SLAs should not be based only on CVSS. They should incorporate exploitation evidence, exposure, business criticality, and compensating controls. KEV-listed vulnerabilities on externally reachable or privileged systems should trigger emergency governance. Vulnerabilities in edge devices, identity systems, backup infrastructure, remote access systems, and administrative platforms should receive special treatment because they often determine the attacker’s ability to enter, persist, or recover after partial remediation.

The fourth change is economic. Enterprises should assume that attackers are continuously reducing their unit cost. Defensive workflows that remain manual, ticket-heavy, and fragmented will lose against adversaries that automate reconnaissance, content generation, infrastructure rotation, and exploit adaptation. The answer is not blind automation. It is controlled automation: machine-speed enrichment, human approval for high-impact actions, pre-approved emergency playbooks, and continuous validation of exposure.

The fifth change is epistemic. The security team must explicitly mark unknowns. A CVE without NVD enrichment is not safe. A product without an SBOM is not understood. A SaaS integration without ownership is not governed. A remote access appliance without telemetry is not monitored. An AI tool embedded into development or operations without threat modeling is not merely a productivity tool; it is a new trust boundary.

Conclusion

NIST’s NVD update is not a retreat from vulnerability management. It is a public acknowledgment that vulnerability intelligence has become a scale problem. The number of disclosed defects is growing, the software supply chain is expanding, attackers are industrialized, and AI is lowering the marginal cost of several offensive tasks.

The correct enterprise response is not panic. It is a more formal model of risk.

A CVE is a name. NVD enrichment is context. KEV is evidence of exploitation. CVSS is severity under an abstract scoring system. None of these, alone, is enterprise risk. Enterprise risk is computed from exploitability, exposure, asset value, adversary motive, control effectiveness, and operational resilience.

AI does not invalidate that model. It makes it more urgent. When attackers can produce more attempts at lower cost, defenders cannot rely on slow queues, static scores, and incomplete inventories. They need vulnerability management that behaves less like clerical patch administration and more like a real-time decision system.

The NVD has moved toward triage because it had to. Enterprises should do the same, but with their own assets, their own exposure, and their own business impact at the center.

See also longforms

See also posts

Back to top

Footnotes

  1. National Institute of Standards and Technology. (2026, April 15). NIST updates NVD operations to address record CVE growth. National Institute of Standards and Technology. URL↩︎

  2. National Institute of Standards and Technology. (2026, April 15). NIST updates NVD operations to address record CVE growth. National Institute of Standards and Technology. URL↩︎

  3. Defense Advanced Research Projects Agency. (2025, August 8). AI Cyber Challenge marks pivotal inflection point for cyber defense. Defense Advanced Research Projects Agency. URL↩︎

  4. Shimmi, S., Okhravi, H., & Rahimi, M. (2025). AI-based software vulnerability detection: A systematic literature review. arXiv. DOI↩︎

  5. Microsoft. (2025). Microsoft Digital Defense Report 2025. Microsoft. URL↩︎

  6. Google Cloud / Mandiant. (2025, April 23). M-Trends 2025: Data, insights, and recommendations from the frontlines. Google Cloud Blog. URL↩︎

  7. International AI Safety Report. (2026, February 3). International AI Safety Report 2026. International AI Safety Report. URL↩︎

  8. International AI Safety Report. (2026, February 3). International AI Safety Report 2026. International AI Safety Report. URL↩︎

  9. European Union Agency for Cybersecurity. (2025, October). ENISA Threat Landscape 2025. European Union Agency for Cybersecurity. URL↩︎

  10. Europol. (2026). Internet Organised Crime Threat Assessment (IOCTA) 2026: The evolving threat landscape: How encryption, proxies and AI are expanding cybercrime. Publications Office of the European Union. URL↩︎

  11. OpenAI. (2026, February). Disrupting malicious uses of AI. OpenAI. URL↩︎

  12. Google Cloud / Mandiant. (2026). M-Trends 2026 report: Executive edition. Google Cloud Security. URL↩︎

  13. Cybersecurity and Infrastructure Security Agency. (n.d.). Known Exploited Vulnerabilities Catalog. Cybersecurity and Infrastructure Security Agency. Retrieved May 23, 2026, from URL↩︎

  14. Google Cloud / Mandiant. (2026). M-Trends 2026 report: Executive edition. Google Cloud Security. URL↩︎