55.7% of critical CVEs never received scanner coverage at all.

44.3% of critical CVEs received scanner coverage.

62.0% of critical vulnerabilities with known exploits had a working exploit available before scanner detection signatures shipped.

54.0% of CVEs published since January 2025 had no detection signature from Tenable, Qualys, or Rapid7.

Median detection lag from vulnerability disclosure was 0.1 days for Tenable, 2.9 days for Qualys, and 5.1 days for Rapid7.

Exploits appeared before scanner detection for 62.5% of critical CVEs at Tenable, 64.5% at Qualys, and 73.5% at Rapid7.

83.2% of critical vulnerabilities either lacked scanner coverage entirely or had exploits appear before detection ships.