US Launches Gold Eagle to Coordinate AI-Driven Vulnerability Management
The White House announced Gold Eagle to help accelerate the discovery, prioritization and patching of flaws found by AI
Vulnerability management finds and prioritizes exploitable weaknesses, reducing breach risk through timely patching, remediation, and verification.
Search across headline titles and summaries.
Background for this topic.
Vulnerability management is the ongoing process of finding, assessing, prioritizing, and addressing weaknesses in software, systems, cloud services, and devices. It helps defenders reduce the attack surface: an attacker may use a known flaw in an internet-facing service, endpoint, or dependency to gain access or increase privileges, but exposure depends on factors such as reachability, exploit availability, and existing controls.
Effective practice combines an accurate asset and software inventory with authenticated scanning, threat intelligence, and risk-based prioritization rather than treating every finding equally. Teams should patch or upgrade vulnerable components within defined timeframes, remove unnecessary exposure, or apply compensating controls such as isolation, access restrictions, and configuration changes when immediate remediation is impractical. Remediation must be verified through rescanning or other testing, with exceptions documented and reviewed; this also provides evidence for security governance and compliance. Vulnerability management supports incident response by identifying affected assets when a newly exploited flaw is disclosed.
Weekly headline count for the current query.
The White House announced Gold Eagle to help accelerate the discovery, prioritization and patching of flaws found by AI
Working with frontier AI models, this new platform aims to help discovering, prioritizing, validating and remediating code vulnerabilities
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work
Inaugural Infosecurity Europe Cyber Startup Award Winner Impresses Panel with Ability Help Prioritize Vulnerabilities in AI era
AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and indiscriminate exploitation observed across the internet is now measured in hours, not days
Advanced AI Models Find More Holes Than Enterprise Security Teams Can PlugArtificial intelligence models such as Anthropic's Mythos are rapidly exposing decades of hidden software security debt, forcing CIOs and CISOs to rethink vulnerability management, remediation capacity and the trade-offs between availability and breach prevention.
Acquisition Adds Advisory, GRC and Vulnerability Services to ImagineX's MDR CoreTekStream acquired ImagineX’s cyber division to integrate advisory, vulnerability management and GRC with its MDR services, aiming to help CISOs defend against faster, AI-driven attacks by unifying proactive and reactive security into a single operational model.
SANS Institute and Cloud Security Alliance Leaders on the Coming Vulnerability StormIn the latest Proof of Concept, SANS and Cloud Security Alliance leaders join ISMG editors to discuss how the storm clouds of Claude Mythos could upend cyber defenses by compressing time to exploit, and why vulnerability management, risk models and security operations must change.
At VulnCon, Lindsey Cerkovnik, head of vulnerability management at CISA, said AI companies should play a bigger role in vulnerability disclosures in the future
Intruder's Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management.
Index Ventures Backs End-to-End Platform, Targeting of AI-Driven Vulnerability RiskAstelia raised $35 million in Series A funding led by Index Ventures to scale its AI-powered exposure management tool. The company uses AI agents and network analysis to help enterprises prioritize exploitable vulnerabilities and reduce remediation noise across hybrid and on-premises environments.
Access, Vulnerability Management, Configuration LapsesA federal watchdog agency inspection of information security at the VA health system in Spokane, Wash. last year found deficiencies across three areas - configuration management, vulnerability management and access controls - that could potentially put sensitive data at risk, a new report said.
Nearly $270M Cut From CISA Despite Mounting Foreign CyberthreatsCongress is proposing cuts of nearly $270 million from the Cybersecurity and Infrastructure Security Agency's budget for fiscal year 2026, reducing funding for threat hunting and vulnerability management as officials warn foreign adversaries are escalating cyber operations targeting U.S. systems.
Gartner® doesn’t create new categories lightly. Generally speaking, a new acronym only emerges when the industry's collective "to-do list" has become mathematically impossible to complete. And so it seems that the introduction of the Exposure Assessment Platforms (EAP) category is a formal admission that traditional Vulnerability Management (VM) is no longer a viable way to secure a modern
Tromzo Acquisition Adds AI Team and Technology for Automated Security RemediationCheckmarx acquired AI security startup Tromzo to jumpstart its roadmap for agentic application security. The deal gives Checkmarx a ready-built platform and team focused on enterprise-grade triage and remediation agents designed to streamline vulnerability management.
Skills Needed: Enterprise Architecture, Configuration and Vulnerability ManagementWhen a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation.
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities. Taking into account that nearly 10% of
Integrity's Ed Parsons on How Regs Are Pushing Firms Toward Proactive SecurityThe NIS2 Directive has driven significant improvements in vulnerability management across Europe. Organizations are accelerating vulnerability discovery by engaging with crowdsourced security communities and ethical hackers, said Ed Parsons, chief operations officer at Integrity.
Tenable's Nate Dyer on Moving Beyond Traditional Vulnerability ManagementVulnerability management no longer covers the full attack surface. Nathan Dyer of Tenable explains how unified exposure management helps reduce risk, shrink ticket volume and increase operational efficiency by unifying data, context and response across teams.
Verve's Rick Kaun on Bridging the Gap Between IT and OT SecurityOperational technology faces security risks that differ sharply from IT, yet both teams must collaborate to secure critical assets, said Rick Kaun, vice president of solutions at Verve. He explains why OT security needs a different approach to vulnerability management and risk prioritization.