
CISA Known Exploited Vulnerabilities (KEV) Catalog

This is a US government list of specific software flaws that are confirmed to already be under active attack in the real world, as opposed to flaws that are merely theoretically dangerous. Federal agencies are required to fix KEV-listed issues on a strict deadline, and the list is widely used by private companies as a priority signal for what to patch first.
When a vulnerability in AI infrastructure (like SharePoint feeding a Copilot knowledge base, or a remote-access tool used to deploy AI systems) lands on the KEV list, it signals that attackers are actively exploiting it now, not someday — demanding immediate board-level attention to patching timelines.