New solution reduces exposure to actively exploited vulnerabilities in minutes by turning intelligence into immediate protection across primary attack paths

• Disrupts AI-powered exploit-driven attacks earlier in the attack chain 
• Enables security teams to prioritise remediation based on real attacker activity—not severity scores 
• Automatically translates exploit intelligence into immediate protection across primary attack paths 

SUNNYVALE, Calif., May 27, 2026 — Proofpoint, Inc., a leading cybersecurity and compliance company, today announced Active Exploits Protection, a new solution that empowers organisations to defend against the growing exposure to AI-accelerated cyber threats. Based on real-world threats observed across Proofpoint’s telemetry, it identifies vulnerabilities actively abused in the wild and automatically translates that intelligence to enable immediate protection across the primary attack paths.

Advanced AI models, including frontier systems capable of autonomously discovering software vulnerabilities, are dramatically increasing the speed at which they are discovered and weaponised. The patch cycle is no longer the security clock, with time-to-active targeting collapsing from years to a matter of hours or less. In some cases, attacks begin before public tracking frameworks reflect the risk. Traditional, patch-based security approaches cannot keep pace with this machine-speed threat environment.

Deep Intelligence Grounded in Real-World Exploitation
Proofpoint’s advantage is rooted in dual-source visibility into how vulnerabilities are actually abused—often before they are reflected in public risk frameworks. Proofpoint’s attack telemetry spans hundreds of millions of daily email interactions, complemented by a global network of more than 5,000 sensors, that have generated over three million exploit-related alerts in 2026 alone. Year to date, Proofpoint has identified 12 actively exploited 2026 CVEs compared to eight currently listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog. Active Exploits Protection operationalises this intelligence, translating real-world malicious activity into prioritised remediation and immediate protection.    

“The speed at which threats are evolving has fundamentally changed the risk equation,” said Sumit Dhawan, CEO of Proofpoint. “It’s no longer enough to identify vulnerabilities. Organisations need to understand what attackers are exploiting in real time and reduce their exposure immediately. By combining real-world exploit intelligence with protections across the primary attack paths, we can help defend at the speed today’s threats spread.”

From Vulnerability Overload to Exploitation Clarity
Even as vulnerability volumes surge, with frontier AI accelerating discovery at scale, fewer than 6% of all disclosed vulnerabilities are ever observed being exploited in real-world attacks. Security teams are left drowning in “critical” findings, forced to triage thousands of alerts without clear signals about what materially increases risk. Organisations often find themselves allocating resources based on severity scores rather than actual attacker behavior.

Active Exploits Protection helps organisations move beyond patch velocity toward real-time exposure reduction. Grounded in observed attacker activity, the solution enables security teams to focus remediation on what materially reduces risk, shrink the window between vulnerability discovery and defense, and stop exploit-driven threats before they disrupt the business. To help organisations operationalise this approach, Active Exploits Protection delivers four core capabilities:

• Prioritise Actively Exploited Vulnerabilities: Identifies vulnerabilities confirmed to be used in the wild based on Proofpoint telemetry across more than 3 million organisations and 14,000 large enterprises. Prioritisation is driven by observed attacker behaviour, not theoretical severity scoring, enabling security teams to focus remediation on what materially reduces risk.
• Enable Immediate Protection: Exploit intelligence is automatically translated into protection in approximately 35 seconds, with network-wide propagation in under 18 minutes. This reduces the exposure window for zero-day and newly weaponised threats to a median of minutes, even when patching hasn’t started. Across more than two billion emails analysed daily, the platform maintains 99.999% detection precision.
• Faster, Threat-Informed Decisions: Turning intelligence directly into action, Active Exploits Protection shortens the time between threat identification and protection deployment, provides real-time context for investigations, and enables customers to access and tailor attack intelligence via APIs. The solution integrates with existing SOC tools, vulnerability management platforms, and automation pipelines.
• Scale with AI-Driven Workflows: Designed for modern security operations, the solution provides a foundation for AI-driven and automated workflows. By embedding exploit intelligence directly into operational processes, organisations can reduce manual triage and operationalise exposure reduction at scale.

"With AI-accelerated threats exploiting vulnerabilities faster, enterprise security teams need a sharper view of what attackers are targeting," said Vishal Salvi, Global Head of Cognizant's Cybersecurity Service Line. "Proofpoint's Active Exploits Protection offers that focus, and Cognizant intends to help our clients operationalise it through our managed security and threat response services, so they can prioritise remediation where it matters most."

Availability
Proofpoint Active Exploits Protection is available globally today and delivered via integrated platform capabilities and API access.

To learn more about the vulnerability landscape, read our threat insight blog: https://www.proofpoint.com/us/blog/threat-insight/more-cves-same-playbook-2026-vulnerability-exploitation-wild

For more information about Proofpoint Active Exploits Protection, visit: https://www.proofpoint.com/us/blog/email-and-cloud-threats/future-exploit-defense-starts-first-mile

About Proofpoint, Inc.
Proofpoint, Inc. is a global leader in human- and agent-centric cybersecurity, securing how people, data and AI agents connect across email, cloud and collaboration tools. Proofpoint is a trusted partner to over 80 of the Fortune 100, over 10,000 large enterprises, and millions of smaller organisations in stopping threats, preventing data loss, and building resilience across people and AI workflows. Proofpoint’s collaboration and data security platform helps organisations of all sizes protect and empower their people while embracing AI securely and confidently. Learn more at proofpoint.com.

Connect with Proofpoint on LinkedIn

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.