
Resilient Cyber

Chris Hughes

213 episodes

  • Resilient Cyber

    Rain Versus Flood, Making Sense of the 2026 CVE Surge

    2026/06/27 | 24 mins.
    CVEs are on pace to hit nearly 70,000 in 2026, but Jerry Gamblin explains why the actual exploitable risk is staying surprisingly flat.
    Description
    Jerry Gamblin runs RogoLabs and built CVE.ICU, and he co-authored the FIRST mid-year vulnerability forecast that just put 2026 on pace for nearly 70,000 CVEs. He joins Resilient Cyber to separate the scary headline number from what actually matters for defenders. We get into why GitHub now publishes one in five CVEs, the rain versus flood distinction that explains why exploitable risk is flat even as raw volume explodes, what the NVD collapse means now that the CNAs have to step up, and how teams should really be triaging with EPSS and the CISA KEV catalog.
    Key takeaways
    CVEs are on pace for nearly 70,000 in 2026, up more than 40 percent year over year. Much of the surge traces back to a single source, with GitHub now publishing one in five CVEs after scaling up its advisory team.
    The three drivers behind the surge are very different forces. AI-assisted discovery that nobody can definitively flag, a 449 percent jump in GitHub security advisories, and VulnCheck acting as a CNA of last resort all get lumped into one scary number.
    Rain versus flood is the frame that matters. Raw CVE volume is climbing fast, but once you filter for CISA KEV and EPSS the actionable, exploitable risk has stayed essentially flat.
    Most of the new findings are old human debt, not a new AI threat. The OWASP Top 10 has barely changed in 25 years, and tooling can now find those same mistakes at scale across mostly open source code.
    The AI moment is useful cover to finally patch. Jerry argues teams are using the AI hype cycle to win the time and resources to fix long-known issues, which is a genuinely good outcome.
    The NVD was the dam that fell. It was never fair to expect one small organization to enrich every CVE, so responsibility now shifts back to the CNAs and the large vendors that leaned on it for years.
    Treat CVE data as a product you pay for. Jerry's advice is to use procurement leverage, since demanding better CVE records before you renew a contract is one of the few real forcing functions available.
    What gets exploited has not really changed. VPN concentrators and the same old vulnerability classes still dominate, and the NSA's annual top 10 exploited bugs are reliably old, with no sign yet of AI driving widespread attacks.
    Asset inventory is still the real bottleneck. You cannot triage what you cannot see, and most organizations still cannot say with confidence whether they even run the software a given pile of CVEs affects.
    AI-accelerated exploitation is coming, but not as mass exploits. The bigger shift is a tireless attacker that loops on your network for days until it finds a way in, which is exactly what agents are best at.
    Guest
    Jerry Gamblin, creator of CVE.ICU and founder of RogoLabs. 
    Resources mentioned
    FIRST 2026 mid-year vulnerability forecast
    Subscribe
    www.resilientcyber.io
  • Resilient Cyber

    You Don't Need A Frontier Model to Find Zero Days

    2026/06/18 | 40 mins.
    Niels Provos on why you don't need a frontier model to find zero days, why the Vulnpocalypse is overstated, and how security invariants change the game.
    Description
    Niels Provos has spent twenty-five years in security, from writing bcrypt to running security at Google and Stripe, and he came on to push back on the panic around AI and vulnerabilities. He explains why finding zero days is an orchestration problem rather than a frontier-model problem, using his Iron Curtain runtime and an open-weight model to surface net-new bugs for the cost of a cheap scan. We get into security invariants and egress control, why remediation is the real bottleneck, why AI coding tools ignore the security abstractions you build, and why someone this technical keeps coming back to incentives over technology.
    Key takeaways
    You don't need a frontier model to find zero days. Niels used his Iron Curtain runtime and an open-weight model to surface net-new vulnerabilities, which is why he calls this an orchestration problem rather than a frontier-model problem.
    The Vulnpocalypse framing is overstated. Companies already sit on more vulnerabilities than they can manage, so more findings do not fundamentally change the picture, and the catchy panic mostly drives engagement.
    Security invariants beat patching one bug at a time. An invariant is an infrastructure guarantee enforced without ongoing human judgment, which makes entire classes of vulnerabilities irrelevant instead of chasing each one.
    Egress control is the canonical example. If a production service can only reach a few known domains, most vulnerabilities never get to fetch a second-stage payload, so the exploit chain stalls.
    The log4j story shows why it matters. When Niels was head of security at Stripe, egress control meant the malicious download could not execute, so the team had room to patch calmly instead of fighting an emergency.
    Remediation, not discovery, is the harder problem. The quality bar of not breaking working code in production is what keeps fixing slow, and AI has not solved that yet even as it makes finding cheap.
    AI coding tools ignore the security abstractions you build. When Niels asked Claude to add an endpoint to a carefully structured project, it bypassed his abstractions and wrote raw code, which is why frameworks need to be secure by default.
    The harness is the moat. A finite state machine that decomposes vulnerability finding into stages, each with a fresh context and a tight prompt, gets reliable results from weaker models that otherwise lose the plot.
    It is the incentives, not the technology. Companies do just enough security to avoid looking negligent, so without accountability shifting through something like Europe's NIS2, better tooling alone will not change outcomes.
    Open source maintainers need to be empowered. They often cannot afford the latest models or the tokens to run them, yet everyone builds on their free work, so helping them fix vulnerabilities has the broadest payoff in the ecosystem.
  • Resilient Cyber

    AI Industrialized the Vuln Lifecycle and Broke the System of Record

    2026/06/15 | 40 mins.
    VulnCheck's Patrick Garrity on the NVD collapse, the first real AI disclosure wave, and why remediation, not finding bugs, is the bottleneck.
    Description
    Vulnerability management spent years as the chore everyone dreaded, and now it is one of the hottest topics in security because attackers made exploitation the number one way in. Patrick Garrity of VulnCheck rejoins the show to separate what is real from what is marketing. 
    We get into the honest state of the NIST National Vulnerability Database after CISA pulled its funding, the new AI executive order that wants a clearinghouse for AI-discovered vulnerabilities, the first measurable wave of AI-assisted disclosures, and Patrick's audit of Anthropic's Glasswing ledger. 
    We also dig into why cheap AI discovery makes the remediation bottleneck worse, how AI is raising the security poverty line, and whether the 90-day disclosure model still holds.
    Key takeaways
    Vulnerability management is hot again because attackers made it the top way in. As Patrick puts it, attention flows to wherever the attacker goes, and right now that is exploitation.
    The NIST NVD breakdown was worse than a backlog. A recent report confirmed CISA had stopped funding the NVD and NIST lost about half its funding, with no real plan to clear the backlog, which quietly hurts every defender who relies on enriched CVE data.
    A new AI executive order wants a clearinghouse for AI-discovered vulnerabilities, reportedly under Treasury. Patrick's reaction is that we already have a vulnerability database, the program is optional, and it may turn into a marketing race more than a coordination win.
    The first measurable AI disclosure wave is real. CVE volumes are up 563 percent for Chrome and GitHub advisories up 470 percent year to date, and Patrick separated genuine AI-assisted discovery from AI slop and from bugs that merely live in AI software by correlating researchers, domains, and email addresses across multiple advisory sources.
    Patrick audited Anthropic's Glasswing ledger and found the transparency lacking. He had around 80 vulnerabilities in his own database while the public ledger listed 27, several items had blown past their own 90-day disclosure window, and the ledger had not been updated in two weeks.
    Finding vulnerabilities is not the bottleneck, remediation is. AI makes discovery cheap, but the coordinated disclosure and fix process takes enormous human effort, and the median time to remediate even known exploited bugs is still measured in weeks.
    Exploitation looks like it is sustaining rather than surging. CISA KEV and VulnCheck KEV are tracking similar year-over-year volumes, partly because attackers already have more than enough to target and partly because you can only count the exploitation you can actually detect.
    AI is raising the security poverty line, at least for now. Token costs and access-restricted tools concentrate the most powerful discovery capabilities among well-funded teams, while smaller organizations lack the expertise to turn open-weight models into working vulnerability harnesses.
    The economics are circular. AI drives the surge in findings and attacker velocity, and AI is then sold as the fix, so teams pay to surface the problem and pay again to remediate it, all on consumption-based pricing against finite budgets.
    The 90-day disclosure norm mostly holds, though it may tighten. VulnCheck runs a strict 120-day policy with no exceptions and averages 45 to 48 days to fix and disclose, and for open source the fixing commit often makes the flaw public anyway.
  • Resilient Cyber

    AI Is Winning the Cyber Arms Race

    2026/06/03 | 35 mins.
    For twenty years the security playbook started in the same place, find a vulnerability, prioritize it, and patch it. Doug Merritt, CEO of Aviatrix and former CEO of Splunk, thinks that playbook is quietly breaking, and his explanation has nothing to do with anyone being careless. The economics of offense changed underneath us, and most security programs are still funded as if they did not.
    Why this conversation matters
    Doug has sat in two seats that give this argument weight. At Splunk he evangelized detect and respond, and now at Aviatrix he is arguing that detect and respond, while still important, is no longer enough on its own. That is not a vendor pivot so much as an honest reading of the incentives, and it lands differently coming from someone who built a business on the previous era. If you are a practitioner watching AI rewrite the attacker's cost curve, or a leader trying to defend a prevention-heavy budget to a board, this conversation reframes where the money should actually go.
    Key takeaways
    Offense became a compute problem, and that is permanent. Finding and exploiting a vulnerability is a search task, and the cost per token has been deflating faster than Moore's Law. That is why this is a structural shift rather than a few headline demos, and why throwing compute at offense keeps getting cheaper and faster.
    Patching has a ceiling that offense does not. Every patch carries the risk of breaking something, so testing, deployment, and organizational friction cap how fast defenders can move. When vulnerability discovery scales freely and patching cannot, "find more and patch faster" turns into a race you are structurally set up to lose.
    The interesting question is not how they got in, it is where they went. Attackers increasingly arrive with valid credentials and move through the trust graph that runs across cloud services and CI/CD pipelines, including malware injected into trusted repositories. Once they look legitimate inside the environment, lateral movement and egress are where the real damage happens.
    Cloud rewarded velocity, and security paid the bill. Cloud providers made identity default-deny because someone has to own and pay for a workload, but they left networking wide open because their economic engine is developer velocity and security reads as friction. New agentic frameworks inherit that same wide-open default, connected to the internet with little oversight.
    A strong identity stance is necessary and not sufficient. Identity answers whether someone is allowed to act, not whether the action is an attack, which is why attackers log in rather than hack in. Human, agent, and workload identities are genuinely different, and workload identity in particular has been underserved.
    Containment is about blast radius, not about keeping everyone out. The mindset shift is to accept that breaches will occur and to govern every path a workload can take, so an incident stays local and recoverable. Done well, containment holds firm whether or not anyone has detected the attack yet.
    Blast radius has to become a boardroom metric. Doug's argument is that CISOs, CIOs, CEOs, and boards should be able to answer how reachable anything is from anything else, and treat that number as something to drive down deliberately rather than discover after an incident.
    AI is the reason containment is finally workable. The historic blocker to micro-segmentation was cognitive load across tens or hundreds of thousands of workloads. AI is strong at synthesis and pattern matching, which makes a staged path of observe, discover, monitor, and then enforce realistic, ideally starting with the internet-exposed workloads that have no filtering at all.
  • Resilient Cyber

    Securing the Agentic SDLC

    2026/05/29 | 49 mins.
    In this episode of Resilient Cyber, I sit down with Katie Norton, Research Manager for DevSecOps and Software Supply Chain Security at IDC, to unpack what application security looks like as AI moves from copilot to autonomous teammate across the software development lifecycle.
    We dive into:
    🤖 AI's accelerating impact on AppSec and the SDLC – and the productivity-versus-risk equation now that agentic coding tools are shipping code at machine speed
    💥 The "Vulnpocalypse" – the explosion of CVEs, AI-generated code, and the widening gap between vulnerability discovery and remediation capacity
    🛠️ Whether legacy AppSec categories like SAST, DAST, SCA, and ASPM can keep pace – or are being fundamentally reinvented for an agentic world
    🎯 The rise of autonomous pen testing and offensive security agents (XBOW, Project Naptime, Project VAIL) and what it means when offense scales faster than defense
    🔗 How agentic development is reshaping software supply chain risk – from hallucinated packages to MCP server integrity and the provenance of code no human ever wrote
    🏛️ Governance models for AI-generated code, the evolving AppSec team of the future, and what CISOs should be prioritizing right now
    📈 Katie's predictions for where AppSec, software supply chain security, and the SDLC are heading over the next 18-24 months
    Whether you're an AppSec practitioner, security leader, developer, or just trying to make sense of how AI is reshaping software security – this conversation is packed with insights you won't want to miss.
About Resilient Cyber
Resilient Cyber brings listeners discussions from a variety of Cybersecurity and Information Technology (IT) Subject Matter Experts (SME) across the Public and Private domains from a variety of industries. As we watch the increased digitalization of our society, striving for a secure and resilient ecosystem is paramount.