Proofpoint, a cybersecurity and compliance company, has introduced Active Exploits Protection, a new solution designed to help organizations defend against the rising tide of cyber threats driven by artificial intelligence use.
The tool relies on real threats detected through the company’s telemetry to identify vulnerabilities that are actively being exploited in real-world environments. Based on this information, it automatically translates the insights into immediate protective measures against the primary attack vectors.
According to the company, the evolution of advanced AI models—including systems capable of autonomously identifying software vulnerabilities—is significantly accelerating the discovery and exploitation of security flaws. This has drastically reduced the time between vulnerability detection and the start of active attacks—from years to just hours or even less.
Additionally, Proofpoint warns that, in some cases, malicious activities begin before public tracking systems even reflect the existence of the risk. In this scenario, the company believes that traditional security models based solely on patching are no longer sufficient to respond to an environment where threats evolve at machine speed.
Deep intelligence based on real-world exploits
Proofpoint’s advantage lies in its dual-source visibility into how vulnerabilities are truly abused—often before they are reflected in public risk frameworks. Proofpoint’s attack telemetry covers hundreds of millions of daily email interactions, complemented by a global network of over 5,000 sensors that generated more than three million exploit-related alerts in 2026 alone. So far this year, Proofpoint has identified 12 actively exploited CVEs from 2026, compared to the eight currently listed in CISA’s Known Exploited Vulnerabilities (KEV) catalog. Active Exploits Protection leverages this intelligence, translating malicious activity from the real world into prioritized remediation and immediate protection.
“The speed at which threats evolve has radically changed the risk landscape,” states Sumit Dhawan, CEO of Proofpoint. “It’s no longer enough to just identify vulnerabilities. Organizations need to understand what attackers are exploiting in real time and reduce their exposure immediately. By combining real-world exploit intelligence with protections on the main attack routes, we can help defend at the same pace as current threatsspread.”
From vulnerability overload to exploitation clarity
Although the volume of vulnerabilities has skyrocketed—with frontier AI accelerating large-scale discovery—less than 6% of all disclosed vulnerabilities are exploited in real-world attacks. This overload causes security teams to be overwhelmed by “critical” findings and forced to classify thousands of alerts without clear signals about what materially increases risk. Organizations also tend to allocate resources based on severity scores rather than actual attacker behavior.
Active Exploits Protection helps organizations go beyond patching speed to focus on real-time exposure reduction. Based on observed attacker activity, the solution allows security teams to prioritize mitigation efforts that significantly reduce risk, shorten the interval from vulnerability discovery to defense, and stop exploit-based threats before they impact the business.
To facilitate this approach, Active Exploits Protection offers four core capabilities:
- Prioritize actively exploited vulnerabilities. Identifies vulnerabilities confirmed to be in use in real environments, based on Proofpoint telemetry from over 3 million organizations and 14,000 large enterprises. Prioritization is guided by observed attacker behavior rather than theoretical severity scores, enabling security teams to focus remediation where it reduces risk most effectively.
- Enable immediate protection. Exploit intelligence is automatically translated into protection within approximately 35 seconds, with network propagation in under 18 minutes. This reduces the window of exposure for zero-day and newly weaponized threats to a matter of minutes—even when patches haven’t been applied. The platform analyzes more than 2 billion emails daily, maintaining a detection accuracy of 99.999%.
- Make faster, more informed threat decisions. By converting intelligence directly into action, Active Exploits Protection shortens the time between threat identification and protection deployment, provides real-time context for investigations, and allows customers to access and customize attack intelligence via APIs. The solution integrates seamlessly with existing SOC tools, vulnerability management platforms, and automation workflows.
- Scale with AI-driven workflows. Designed for modern security operations, the solution provides a foundation for automated, AI-driven workflows. Integrating exploit intelligence directly into operational processes helps reduce manual triage and operationalize exposure reduction at scale.
“As AI-driven threats exploit vulnerabilities faster, security teams need a clearer vision of where attackers are targeting,” says Vishal Salvi, Global Head of Cybersecurity Services at Cognizant. “Proofpoint’s Active Exploits Protection offers this approach, and Cognizant aims to assist our clients in deploying it through our managed security and threat response services, so they can prioritize remediation where it matters most.”