Proofpoint has launched a new protection capability aimed at helping organisations cut through vulnerability noise and focus on the exploits that attackers are actively using in the wild. The move comes as AI-accelerated threat actors compress the time between vulnerability discovery and weaponisation to minutes, not weeks.
Active Exploits Protection is designed to shift security teams away from patching based on severity scores alone and towards remediation based on real-world attacker behaviour. Proofpoint says the solution uses telemetry from hundreds of millions of daily email interactions and a global sensor network to identify vulnerabilities that are actually being abused.
That matters because, as the company notes, fewer than 6% of disclosed vulnerabilities are ever observed in real attacks. In a world where frontier AI can speed up exploit discovery, security teams are increasingly overwhelmed by critical alerts that do not always translate into genuine risk.
“The speed at which threats are evolving has fundamentally changed the risk equation,” said Sumit Dhawan, chief executive of Proofpoint. “It’s no longer enough to identify vulnerabilities. Organisations need to understand what attackers are exploiting in real time and reduce their exposure immediately.”
Minutes, not days
Proofpoint says the new system can translate exploit intelligence into protection in around 35 seconds, with network-wide propagation in under 18 minutes. That is a significant departure from traditional vulnerability management, where patch cycles can lag behind attacker activity.
The company says Active Exploits Protection also helps security teams prioritise remediations based on observed attacks across more than 3 million organisations and 14,000 large enterprises.
Year to date, Proofpoint says it has identified 12 actively exploited 2026 CVEs, compared with eight listed in the US Cybersecurity and Infrastructure Security Agency’s Known Exploited Vulnerabilities catalogue.
AI drives urgency
The launch reflects a wider shift in cyber defence as frontier AI models make vulnerability discovery and exploitation faster and more scalable. Proofpoint argues that traditional patch-first approaches cannot keep up with this machine-speed environment, particularly when attacks begin before public tracking frameworks fully register the threat.
Industry data supports the broader concern. IBM’s 2025 Cost of a Data Breach Report found the global average breach cost remained at US$4.45 million, underscoring the financial stakes of delayed response.
Separately, the US CISA Known Exploited Vulnerabilities catalogue continues to grow as organisations are urged to prioritise exploited flaws rather than theoretical risk.
Operationalising response
Proofpoint said the product is built to integrate with existing security operations tools, vulnerability management systems and automation pipelines. It also supports AI-driven workflows, giving teams real-time context and API access to attack intelligence.
Vishal Salvi, global head of Cognizant’s Cybersecurity Service Line, said the tool gives enterprise teams “a sharper view of what attackers are targeting” and will help clients operationalise remediation through managed security services.
For security leaders, the takeaway is that, in the AI era, exposure reduction must move at attacker speed.











