CW Developer Network

Cogent zeroes in on zero-day response for rapid remediation

Adrian Bridgwater
Adrian Bridgwater

AI-native enterprise security company Cogent has driven forward a new pair of tools, which it hopes will capture the hearts and minds of software application developers working with cybersecurity professionals and DevOps engineers.

The company has a mission to “collapse the time” between vulnerability disclosure and confirmed remediation.

  • A newly released Zero Day Response service from Cogent identifies exposure within minutes of public disclosure without waiting for scanner signatures.
  • Also a branded service, Autonomous Remediation determines the right fix, assesses business impact before execution and confirms the vulnerability is actually resolved.

The releases arrive as AI-assisted exploit development compresses attacker timelines faster than most security programs can keep pace.

Cogent says that time to exploit (the duration between a vulnerability’s public disclosure and the first known instance of its exploitation) has collapsed from eight months in 2022 to hours in 2026.

The average enterprise still takes 60 days to close a critical vulnerability. That gap, between how fast exploits appear and how fast organisations can respond, is the core problem Cogent is built to solve.

What is a zero-day vulnerability?

TechTarget’s Kinza Yasar defines a zero-day vulnerability as a security loophole in software, hardware or firmware that threat actors exploit before the vendors can identify and patch it.

“Initially, zero-day indicated the time since a new software release, where zero-day software was obtained through hacking into a developer’s system before release. Gradually, the term broadened to include the vulnerabilities enabling these hacks and the time vendors had to resolve them. Once a zero-day vulnerability has been made public, it is known as an n-day or one-day vulnerability,” explained Yasar.

Cogent research quantified part of the problem with zero-day exploits and how they manifest themselves today.

The company’s own study suggests that 62.0% of new vulnerabilities disclosed in the past year and a half had a known exploit available before any major scanner had published a detection plugin.

Average lag, security drag

The average lag from vulnerability publication to scanner support was up to 5.1 days. For the vulnerabilities attackers are actively targeting, scanners aren’t able to detect them, leaving security teams blind.

Cogent co-founder & CEO Edupuganti: “The maths surrounding vulnerability management have changed.”

“The maths surrounding vulnerability management have changed,” said Vineet Edupuganti, co-founder and CEO of Cogent. “When a new CVE can be weaponised in hours, a four-day detection cycle and a 60-day remediation cycle carry a different kind of risk than they did two years ago. We built these capabilities to help security teams run their vulnerability management programs 100 times faster, because that’s what matching the speed of AI-equipped attackers actually requires.”

NOTE: Common Vulnerabilities and Exposures (CVE) is a standardised way of providing a public nomenclature for security flaws, so that developers and other software professionals can coordinate efforts and track specific software risks.

Zero Day Response identifies new vulnerabilities across an enterprise within minutes of initial disclosure. It ingests intelligence from dozens of sources and cross-references new disclosures against an organisation’s full software inventory to discover where they exist.

The 1-2-3 of CVE

Coverage includes formal CVE advisories (official notifications detailing specific software flaws, their security impact, risk scores, and remediation steps) and pre-CVE disclosures (early alerts detailing security flaws before they receive an official CVE tracking identifier), so when a researcher publishes a proof-of-concept on GitHub before a formal CVE exists, Cogent’s AI agents identify and triage the signal automatically.

Every finding is scored against the customer’s actual environment rather than abstract severity ratings.

Remediation across the nation

Autonomous Remediation determines the fastest path to resolution for each vulnerability, whether that’s a patch, an upgrade, or a configuration change.

Before anything executes, the system runs a pre-flight impact assessment, flagging disruption risk, reboot requirements, and business impact. Customers set policies that control how much autonomy the AI gets: full human approval for critical production systems, semi-autonomous operation for moderate-risk environments, and fully autonomous execution for lower environments. Remediation is treated as incomplete until the fix is independently confirmed.

The result is a connected workflow where a vendor advisory published at 2 AM can trigger asset identification, risk scoring, and remediation deployment before the security team’s morning standup. Across thousands of findings over weeks and months, Cogent compresses the mean time to remediate from weeks to minutes.

Security surveys

Cyber firms love surveys and market analysis reports; it’s their thing, they just can’t hold back – and Cogent is no exception.

The company’s latest study spans analysis of 69,000+ CVEs and finds the average time from disclosure to exploit collapsed from 125.3 days to 0.5 days in 16 months.

In this age of AI, it seems like exploit development is accelerating faster than scanner-based detection can keep pace, creating visibility gaps for security teams during the highest-risk periods following vulnerability disclosure.

The report, The Detection Gap: How Exploits Are Outpacing Scanners, analysed 69,159 CVEs and found that AI-assisted exploit development compressed the average time from vulnerability disclosure to a working exploit from 125.3 days in January 2025 to 0.5 days by April 2026.

A structural mismatch

Edupuganti and team think that the findings “point to a structural mismatch” between how quickly exploits now emerge and how traditional detection systems respond

  • Exploits outpace scanners for 62% of critical vulnerabilities. Among critical vulnerabilities with known exploits, 62.0% had a working exploit available before scanner detection signatures shipped.
  • More than 83% of critical vulnerabilities create a visibility gap. 55.7% of critical CVEs never received scanner coverage at all.
  • Among the 44.3% that did, 62.0% had exploits circulating before scanner detection became available.
  • Taken together, 83.2% of critical vulnerabilities either lacked scanner coverage entirely or had exploits appear before detection shipped.

More than half of all CVEs remain invisible to major scanners. Overall, 54.0% of CVEs published since January 2025 had no detection signature (so claims Cogent) from Tenable, Qualys, or Rapid7.

Scanner response times vary significantly by vendor. Median detection lag from disclosure was 0.1 days for Tenable, 2.9 days for Qualys and 5.1 days for Rapid7. Critical vulnerabilities create the largest exposure windows. Exploits appeared before scanner detection for 62.5% of critical CVEs at Tenable, 64.5% at Qualys, and 73.5% at Rapid7.

Cyber developers, developers, developers

Although always an operations issue in the first instance with DevOps cyber-focused engineers and their platform engineering buddies across the world of cloud-native, zero-day response is still very much the realm that developers work in every day and Cogent will want to reinforce its message set in the places where it reminds us that it enables developers to use automated tools and bypass traditional scanner lags for rapid remediation.