VulnOps — Vulnerability Operations

VulnOps is an emerging operational model that fuses previously-separate security functions into a single agent-augmented discipline. The term arrives from two independent directions in the same six-month window.

Framing 1 — Discovery and remediation as a DevOps-shaped function

VulnOps is a permanent function staffed and automated like DevOps. It owns continuous discovery of zero-day vulnerabilities across the entire software estate and the automated remediation pipelines that act on them. Heather Adkins (CISO, Google), Gadi Evron (CEO, Knostic), and Bruce Schneier (Inrupt; Harvard Kennedy School) introduced the concept jointly in October 2025. It rests on a September 2025 warning by Adkins and Evron that autonomous vulnerability discovery and exploitation were roughly six months away. The Mythos-ready briefing files it as long-term Priority Action #11.

Framing 2 — Threat-intelligence and vulnerability-management fusion

VulnOps fuses cyber threat intelligence with vulnerability management. Customers of Mallory (founder Jonathan Cran) describe the goal as un-siloing the information so an agent can operationalize it: “un-silo the information so that it can be brought into the context window for the agent to be able to operationalize it.” The function maps global intelligence automatically onto organization-specific assets, cloud environments, code, and infrastructure-as-code. The CYBR.SEC.Media May 2026 article records this framing.

Both framings center the same structural observation: previously-separate functions need to be operationalized as one because modern attacks do not respect the boundaries. The two are compatible and complementary. The Mythos-ready briefing’s DevOps-shaped discovery-and-remediation function requires the CTI-to-environment-context fusion Mallory’s customers describe; the Mallory framing’s threat-intel-meets-vulnerability-management discipline requires the discovery and remediation pipelines the Mythos-ready briefing names. The wiki treats both as load-bearing sourced framings rather than competing claims.

Why It Exists

Quarterly pen tests and reactive patching cycles cannot keep pace with continuous AI-driven discovery. Existing CVE/NVD infrastructure and patch-prioritization workflows were built for dozens of critical CVEs per month, not hundreds. The Zero Day Clock documents the structural problem: the median time-to-exploit collapsed from 771 days in 2018 to zero-day by 2025, where the exploit now arrives on or before disclosure for the median exploited vulnerability.1 Vulnerability management as a periodic activity is structurally outmatched.

Two independent, non-vendor sources bound the problem from outside the term’s own coinage. The Verizon DBIR 2026 reports that vulnerability exploitation (31%) overtook stolen credentials (13%) as the leading initial-access vector across more than 22,000 confirmed breaches, even as remediation slowed: the share of CISA KEV criticals fully patched fell from 38% to 26%.2 Those figures come from breach telemetry, not benchmark capability. The FIRST Vulnerability Forecast projects CVE publication crossing 50,000 for the first time in 2026, with a median near 59,000 and a 90% confidence-interval ceiling past 117,000.3 Volume exceeds human triage capacity and arrives faster than human-paced patching. VulnOps is organized to absorb both pressures.

The volume is also mostly noise. JFrog’s 2026 analysis found that 66% of analyzed CVEs had a low applicability rate (0–20%), meaning the conditions to exploit them are rarely met in practice, and only 12% were highly exploitable in real environments.4 The scarce resource is therefore not patching capacity but the exploitability triage that separates the reachable flaws from the rest. VulnOps treats that triage as a first-class discipline.

Primary-source confirmation of the bottleneck inversion (2026-05-22). Anthropic’s one-month Glasswing update states the VulnOps premise as a direct finding from roughly 50 coalition partners: “Progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it’s limited by how quickly we can verify, disclose, and patch.”5 The open-source funnel makes it concrete: 6,202 estimated high/critical found, only 1,752 assessed and 75 patched, at a roughly two-week mean patch time, and maintainers asked Anthropic to slow down disclosures.5 This is the strongest primary-source evidence to date that the scarce resource has shifted from discovery to triage-and-remediation, which is the entire reason VulnOps exists as a permanent function.

MOAK provides the mechanistic explanation: a five-agent autonomous pipeline converts a bare CVE number into a validated working exploit at a 97.8% success rate across 178 CISA KEVs, including CVEs disclosed after the models’ training cutoffs, with Claude Opus 4.6 reaching a 98% autonomous exploitation rate on the post-cutoff benchmark.6 The human analyst bottleneck, the traditional reason exploits took days to develop post-disclosure, is removed. MOAK runs live against newly-disclosed CVEs and offers a dashboard for practitioners to assess specific CVEs within hours of disclosure.

What It Is: Four Operating Properties

  1. Staffed and automated like DevOps. A permanent function, not a campaign or a project, designed around continuous flow rather than periodic snapshots. Treat it as an operating capability with on-call structure, runbooks, and dashboards rather than as a quarterly audit cycle. (Mythos-ready framing.)
  2. Owns the full software estate. Coverage spans own code, AI-generated code, third-party libraries, container images, MCP servers, IDE extensions, agent skills, and rules-files. The function does not stop at “app the security team owns”; it follows the dependency chain. (Mythos-ready framing.)
  3. Designed around triage discipline from the start. With AI-discovery rates exceeding human-paced response, triage is the load-bearing operational discipline. “Existing CVE/NVD infrastructure and patch-prioritization workflows were built for dozens of critical CVEs per month, not hundreds.” VulnOps treats triage as the primary scarce resource and designs for it explicitly: severity scoring, confidence scoring, deduplication, and prioritization queues are first-class. (Mythos-ready framing.)
  4. Un-silos threat-intel against organization-specific context. Continuous ingestion of external intelligence (CTI feeds, ISAC data, vendor advisories, GitHub disclosures, government feeds) is automatically mapped to the organization’s own assets, cloud environments, code repositories, and infrastructure-as-code configurations. Action-on-finding is policy-driven via configurable skill files. “Threads” replace conventional case-management “cases”; every investigation is a collaborative analyst-agent thread. (Mallory framing per CYBR.SEC.Media May 2026.)

Relationship to Existing Wiki Concepts

  • Complementary to the CMM but cross-cutting. VulnOps is not measured by the CMM’s nine domains. It is a function organizations stand up, akin to a SOC or a Red Team. The most-relevant CMM domains for VulnOps maturity are D8 (Supply Chain & AI-BOM) for the third-party / OSS / AI-BOM scope and D9 (Operations & Human Factors) for the burnout / triage-fatigue / decommission-lifecycle properties. A formal CMM cross-walk for VulnOps is a candidate revision-pass addition.
  • Operationalized via existing tools. OpenAnt (OSS), Codex Security (OpenAI), Claude Code Security (Anthropic) are the canonical commercial / open-source instruments for the discovery side. MDASH, Big Sleep, and CodeMender are the vendor-internal counterparts. The Mythos-ready Priority Action 1 (Point Agents at Your Code and Pipelines) is the Monday-morning entry to a VulnOps capability; PA 11 (Stand Up VulnOps) is the 6-to-12-month durable answer. The VulnOps implementation roadmap sequences the enterprise build-out (crawl/walk/run) on Gartner’s CTEM spine and the Vulnerability Operations Center operating model. The May 2026 Opus partner roundup is VulnOps productized through technology and services partners. Its three jobs (offensive testing at scale, closing the find→fix gap, governed production) restate the function, with the find→fix gap as the explicit target across Wiz, Palo Alto, Accenture, Trend Micro, Deloitte, and PwC.
  • Adjacent to the 2026 Secure-SDLC Framework Stack thesis. VulnOps is the candidate Layer 8 function complementing the parked Layer 4½ harness-config audit and Layer 7 AI-driven vuln-discovery layers. The Mythos-ready briefing argues VulnOps is the long-term answer; the framework-stack thesis treats it as a candidate layer parked pending broader peer adoption.
  • Operates against the Citizen Coders sprawl. Proliferation of coding agents to non-developers fragments central IT visibility; VulnOps is the organizational structure that owns the full code-and-dependency landscape regardless of who shipped which artifact.

Adjacent / Open Questions

  • Reporting structure. Does VulnOps report into Security Engineering, into the CISO directly, or into a new function alongside DevOps? The briefing does not commit. SANS / CSA practitioner experience over the next year will likely produce a default.
  • Tooling consolidation vs best-of-breed. Multiple vendor-tier instruments exist (Codex Security, Claude Code Security) plus OSS (OpenAnt, raptor); how organizations compose them into a coherent VulnOps stack is still open. The Adversarial Reflexion discipline is sourced across all of them, which suggests interoperability is more about evidence-handoff than single-vendor lock-in.
  • Regulatory implications. The EU AI Act (August 2026) introduces automated audit, incident reporting, and cybersecurity requirements around AI. The standard of care for “used available AI defensive tools” will shift; VulnOps capability becomes a candidate due-diligence artifact at the board level.
  • Burnout and team resilience. Mythos-ready briefing names this directly: VulnOps is built to absorb a volume of work no human team alone can absorb, but the function itself can burn out, so request additional headcount and budget reserve capacity as a design parameter rather than an after-the-fact correction.

See Also

Notes

Footnotes

  1. The Collapse — Zero Day Clock, Sysdig and collaborators, 2026. Median time-to-exploit across CVE-exploit pairs (CISA KEV, VulnCheck KEV, XDB): 771 days (2018), 84 days (2021), 6.36 days (2023), 4 hours (2024), zero-day (2025–2026).

  2. Verizon Business — 2026 Data Breach Investigations Report, 2026. Vulnerability exploitation 31% vs stolen credentials 13% as initial-access vector (Figure 10, n=20,023) across more than 22,000 confirmed breaches; share of CISA KEV criticals fully remediated fell from 38% (2024) to 26% (2025).

  3. FIRST — Vulnerability Forecast for 2026, 2026. Published-CVE forecast: crosses 50,000 for the first time; median 59,427; 90% confidence interval 30,012–117,673.

  4. JFrog — 2026 Software Supply Chain Security State of the Union (announcement), 2026, report p.6. 66% of analyzed CVEs had a low applicability rate (0–20%); only 12% were highly exploitable in real enterprise environments. See JFrog 2026 SSC State of the Union.

  5. Anthropic — Project Glasswing: An initial update, 2026. Open-source scanning funnel: 6,202 estimated high/critical found, 1,752 assessed, 75 patched, ~2-week mean patch time; bottleneck-inversion quote and the maintainer slow-down request. 2

  6. MOAK — How Does MOAK Work?, 2026. Five-agent autonomous pipeline; 174 of 178 CISA KEVs exploited (97.8%); Claude Opus 4.6 reaches 98% autonomous exploitation on the post-knowledge-cutoff KEV benchmark.