What happened
Cogent Security (backed by Greylock Partners and Bain Capital Ventures) launched Zero Day Response and Autonomous Remediation on May 27, 2026, alongside publishing a research report analyzing 69,159 CVEs. Zero Day Response identifies exposure within minutes of public disclosure — including pre-CVE GitHub PoC disclosures — without waiting for scanner signatures. Autonomous Remediation builds fix plans, runs preflight impact assessments, and confirms remediation. Cogent's research found the average time-to-exploit collapsed from 125.3 days (January 2025) to just 0.5 days (April 2026) via AI-assisted exploit development; 62% of critical CVEs already had active exploits before any major scanner shipped detection signatures, and 54% of all CVEs since January 2025 had no scanner coverage from Tenable, Qualys, or Rapid7 at all.
Why it matters
The 0.5-day time-to-exploit figure fundamentally invalidates monthly or even weekly scan cycle vulnerability management programs. The research documents a structural scanner detection gap — not a customer-side process problem — that leaves organizations blind during the most dangerous exploitation window. Paired with the tool launch, this validates a new product category: agentic, pre-signature vulnerability response. The finding that Mythos-class AI will set a new floor within 6-12 months raises urgency for enterprises to move away from signature-dependent workflows now.
Applicability
Any organization running vulnerability management on monthly or weekly scan cycles should treat this research as a prompt to re-evaluate their program. Large enterprises with Fortune 500 footprints and AI-facing infrastructure (AI APIs, model serving, agent runtimes) are the primary audience for the Cogent platform. CISOs should ask whether their VM programs have a 'scanner-free' detection path for the critical period between CVE disclosure and signature release.