Cogent Security Inc., a startup that employs agentic artificial intelligence for vulnerability management, today launched two new platform capabilities aimed at compressing enterprise vulnerability response from weeks to hours, as AI-assisted exploit development shrinks attacker timelines to a matter of minutes.

The company introduced Zero Day Response and Autonomous Remediation, two features designed to close the operational gap between a vulnerability being disclosed and a confirmed fix being in place. Zero Day Response identifies exposure within minutes of public disclosure, without waiting for scanner signatures to ship. Autonomous Remediation determines the right fix for each affected asset, runs a preflight business impact assessment and then verifies that the vulnerability is actually resolved after the patch or configuration change is applied.

Zero Day Response ingests intelligence from formal Common Vulnerabilities and Exposures advisories, pre-CVE disclosures and supply chain disclosures, then cross-references new findings against a customer’s complete software inventory to identify where exposure exists. Each finding is scored against the customer’s own environment rather than against generic severity ratings. Cogent’s AI agents triage the signal automatically as it arrives.

Autonomous Remediation builds a fix plan for each vulnerability based on the affected asset and what will resolve the risk fastest. Before anything runs, the system checks for reboot requirements, downtime risk and wider business impact. Customers set policy to determine how much autonomy the agents have, from full human approval for critical production systems to fully autonomous execution in lower environments. Remediation is treated as incomplete until an independent check confirms the fix.

The combined workflow means a vendor advisory published at 2 a.m. can trigger asset identification, risk scoring and remediation deployment before the security team’s morning standup, according to the company. Cogent says Fortune 500 customers running the platform have reduced mean time to remediate critical vulnerabilities by 97%.

“The math on vulnerability management has changed,” said co-founder and Chief Executive Vineet Edupuganti. “When a new CVE can be weaponized in hours, a four-day detection cycle and a 60-day remediation cycle carry a different kind of risk than they did two years ago. We built these capabilities to help security teams run their vulnerability management programs 100 times faster, because that’s what matching the speed of AI-equipped attackers actually requires.”

The release was paired with new research from the company that frames the urgency. In a report titled “The Detection Gap: How Exploits are Outpacing Scanners,” Cogent analyzed 69,159 CVEs and found that the average time from disclosure to a working exploit collapsed from 125.3 days in January 2025 to 0.5 days by April 2026.

Among critical vulnerabilities with known exploits, 62% had a working exploit circulating before scanner detection signatures shipped. Some 54% of CVEs published since January 2025 had no detection signature at all from Tenable Inc., Qualys Inc. or Rapid7 Inc. Median scanner detection lag ran 0.1 days for Tenable, 2.9 days for Qualys and 5.1 days for Rapid7.

Founded in 2025, Cogent has raised $53 million, including a round of $42 million in February. Investors in the company include Bain Capital Ventures, Greylock Partners and Definition Capital, along with executives from OpenAI Group PBC, Abnormal Security Corp. and Datadog Inc.

Image: SiliconANGLE/Ideogram