The Cloud Security Alliance (CSA) found that 80% of organizations that miss the 24-hour patch window report security incidents involving known vulnerabilities.
CSA’s study, released June 2, also found that pre-production controls alone are not stopping known flaws in the AI age: 82% of organizations lack real-time visibility into AI runtime behavior.
Some of the numbers from the CSA survey are stark: Only 9% of the 900 organizations surveyed remediate critical or high-severity vulnerabilities in production within 24 hours, while 74% take between one day and seven days.
“As AI-driven applications introduce more dynamic behavior and threat actors continue to accelerate exploitation timelines, the ability to determine what's genuinely exploitable and act on it quickly is becoming the central operational challenge in application security,” said Hillary Baron, the CSA’s AVP of Research.
...
Gidi Cohen, chief executive officer at Bonfy, said the CSA report's most striking finding isn't the patch-window statistic but what sits behind it: nearly half of organizations hit by production incidents were compromised by vulnerabilities they had already identified.
“They knew, but they still couldn't act in time,” said Cohen. “That's not a detection failure. That's a control failure.”
Cohen said the security industry has spent years optimizing for the wrong side of the equation. Detection describes a problem, while control solves one. Cohen said with 70% of organizations running AI in production, yet 82% lacking real-time visibility into AI runtime behavior, the gap will compound fast.
"Patching faster is necessary, but not sufficient,” said Cohen. “The harder question is whether our controls understand enough about the data, the entities involved, and the business context to enforce accurately, without generating the false positives that cause security teams to quietly turn enforcement off. That's what turns runtime visibility from another noisy dashboard into actual risk reduction.”