Today's signal
Mandiant's M-Trends 2026 report, built on over 500,000 hours of breach investigations conducted in 2025, landed a number that reframes the entire vulnerability management conversation: the mean time to exploit a known vulnerability has dropped to negative seven days. Attackers are deploying exploits before patches exist. The defensive model most organizations are running was designed for a world that no longer exists.
Why it matters
The report documents a threat environment shaped by AI on the attacker side. Malicious packages in public repositories grew from 55,000 in 2022 to 454,600 in 2025, with the sharpest jumps coinciding with GPT-4's release and the agentic coding surge of 2025. The gap between initial access and ransomware deployment collapsed from over eight hours in 2022 to 22 seconds in 2025. Meanwhile, the average time to remediate a high-severity vulnerability sits at 74 days, according to Edgescan's 2025 report. Set those numbers next to a mean time to exploit of negative seven days, and the math tells you what the headlines will not: defenders are operating on a fundamentally broken timeline. The skills barrier for attackers has also fallen. Three teenagers with no coding background used an LLM in 2025 to target Rakuten Mobile's systems more than 220,000 times. One actor using agentic AI tools hit 17 organizations in a single month.
The take
The security industry has spent years optimizing patch speed. That is the wrong race. When exploits arrive before patches, faster patching is not the answer. The only viable response is reducing the attack surface so aggressively that the speed advantage attackers hold applies to fewer targets. Most organizations are not structured to make that shift. The ones that are will look very different from their peers by 2027.
The number
-7 days. That is Mandiant's measured mean time to exploit vulnerabilities in 2025. Not zero. Negative seven. Exploitation is now a pre-patch event by default, not an exception.
Read the full breakdown → www.analyticsdrift.com