MID-MARKET security teams are warned of a critical blind spot, with Intruder founder and CEO Chris Wallis insisting that many organisations still count vulnerabilities rather than fixing them quickly. CVE counts have surged from 30,000 to 50,000 annually, and AI-assisted discovery is likely to push that higher, widening the gap between identification and remediation and presenting a growing business risk, according to Dark Reading's Terry Sweeney.
Wallis argues that CVE-only strategies leave organisations exposed because fully patched environments can still be compromised by misconfigured databases, exposed management interfaces, and overlooked attack surface elements that traditional scanners miss, leading him to prioritise attack surface management. He notes mean time to exploit has fallen from months to hours and could shrink to minutes or seconds, while organisations patching within 30 days face a dire future if they do not rethink their approach.
Wallis, founder and CEO of Intruder, emphasises shifting focus to attack surface management and cyber hygiene to make vulnerability management more practical for mid-market teams, in an interview published 31 March 2026.