VendorsCogent Security
Cogent Security
Cybersecurity reports and statistics published by Cogent Security
7 categories1 reports
Research Reports
Reports and publications from Cogent Security
Recent Statistics & Reports
AI-assisted exploit development compressed the average time from vulnerability disclosure to a working exploit from 125.3 days in January 2025 to 0.5 days by April 2026.
5/31/2026•
Exploit DevelopmentVulnerability ManagementExposure Window
55.7% of critical CVEs never received scanner coverage at all.
5/31/2026•
Vulnerability ManagementSecurity ScannersCVEs
44.3% of critical CVEs received scanner coverage.
5/31/2026•
Vulnerability ManagementSecurity ScannersCVEs
62.0% of critical vulnerabilities with known exploits had a working exploit available before scanner detection signatures shipped.
5/31/2026•
Vulnerability ManagementSecurity ScannersExploits
54.0% of CVEs published since January 2025 had no detection signature from Tenable, Qualys, or Rapid7.
5/31/2026•
Vulnerability ManagementSecurity ScannersCVEs
Median detection lag from vulnerability disclosure was 0.1 days for Tenable, 2.9 days for Qualys, and 5.1 days for Rapid7.
5/31/2026•
Security ScannersVulnerability Management
Exploits appeared before scanner detection for 62.5% of critical CVEs at Tenable, 64.5% at Qualys, and 73.5% at Rapid7.
5/31/2026•
Vulnerability ManagementSecurity ScannersExposure Window
83.2% of critical vulnerabilities either lacked scanner coverage entirely or had exploits appear before detection ships.
5/31/2026•
Vulnerability ManagementExposure WindowSecurity Scanners