Proofpoint has unveiled a targeted cybersecurity system in Active Exploits Protection, to defend against the growing exposure to AI-accelerated cyber threats.
Based on real-world threats observed across Proofpoint’s telemetry, it says, Active Exploits Protection identifies vulnerabilities actively abused in the wild, and automatically translates that intelligence to enable “immediate protection” across the primary attack paths.
Advanced AI models, including systems capable of autonomously discovering software vulnerabilities, are dramatically increasing the speed at which they are discovered and weaponised. “The patch cycle is no longer the security clock, with time-to-active targeting collapsing from years to a matter of hours or less,” says Proofpoint. In some cases, attacks begin before public tracking frameworks reflect the risk.
Proofpoint’s attack telemetry spans hundreds of millions of daily email interactions, complemented by a global network of more than 5,000 sensors, that are said to have generated over 3m exploit-related alerts in 2026 alone. Year to date, Proofpoint says it has identified 12 actively exploited 2026 CVEs (Common Vulnerabilities and Exposures) compared to eight currently listed in CISA’s Known Exploited Vulnerabilities (KEV) catalogue. Active Exploits Protection operationalises this intelligence, translating real-world malicious activity into prioritised remediation and immediate protection.
Though AI is accelerating discovery at scale, fewer than 6% of all disclosed vulnerabilities are ever observed being exploited in real-world attacks, says Proofpoint. Security teams are therefore “left drowning” in “critical” findings, forced to triage thousands of alerts without clear signals about what materially increases risk. “Organisations often find themselves allocating resources based on severity scores rather than actual attacker behaviour,” the vendor says.
“The speed at which threats are evolving has fundamentally changed the risk equation,” said Sumit Dhawan, CEO of Proofpoint. “It’s no longer enough to identify vulnerabilities. Organisations need to understand what attackers are exploiting in real time and reduce their exposure immediately. By combining real-world exploit intelligence with protections across the primary attack paths, we can help defend at the speed today’s threats spread.”
Active Exploits Protection delivers four core capabilities:
-Prioritise actively exploited vulnerabilities: Identifies vulnerabilities confirmed to be used in the wild based on Proofpoint telemetry across more than 3m organisations and 14,000 large enterprises
-Enable “immediate protection”: Exploit intelligence is automatically translated into protection in approximately 35 seconds, with network-wide propagation in under 18 minutes. This reduces the exposure window for zero-day and newly weaponised threats to “a median of minutes”, even when patching hasn’t started
-Faster, threat-informed decisions: Turning intelligence directly into action, Active Exploits Protection shortens the time between threat identification and protection deployment, providing real-time context for investigations, and enables customers to access and tailor attack intelligence via APIs
-Scale with AI-Driven workflows: By embedding exploit intelligence directly into operational processes, organisations can reduce manual triage and operationalise exposure reduction at scale
“With AI-accelerated threats exploiting vulnerabilities faster, enterprise security teams need a sharper view of what attackers are targeting,” said Vishal Salvi, global head of Cognizant’s Cybersecurity Service Line. “Proofpoint’s Active Exploits Protection offers that focus, and Cognizant intends to help its clients operationalise it through its managed security and threat response services, so they can prioritise remediation where it matters most.”
