AI-ENABLED adversaries are accelerating attacks, with automation helping threat actors rapidly move from disclosure to exploitation, according to Rapid7’s 2026 Global Threat Landscape Report. The findings, drawn from Rapid7 MDR incident response investigations and other internal data, say what once unfolded over weeks now materialises in days, and in some cases minutes.
The median time between vulnerability publication and inclusion on CISA’s Known Exploited Vulnerabilities catalog fell from 8.5 days to five days, while the mean dropped from 61 days to 28.5 days. The report also notes a 105% year‑on‑year rise in confirmed exploitation of newly disclosed CVSS 7–10 vulnerabilities, increasing from 71 in 2024 to 146 in 2025, with deserialization, authentication bypass and memory corruption being common.
It adds that 25% of initial access incidents involved vulnerability exploitation, while 44% were linked to “valid account / no MFA,” underscoring the ongoing struggle against identity-related threats. according to Rapid7.