Rapid7 Report: 105% Surge in Exploited Vulnerabilities and 5-Day Attack Window
Rapid7's 2026 Global Threat Landscape Report finds exploited high and critical severity vulnerabilities surged 105% year over year to 146 cases, while median weaponization timelines shrank from 8.5 to 5 days. It highlights that 43.9% of incident responses were triggered by valid accounts lacking multi-factor authentication and that ransomware played a role in 42% of cases, underscoring demand for the company's AI-driven security operations.
1. Report Overview and Key Metrics
Rapid7 has published its 2026 Global Threat Landscape Report, analyzing the collapse of the time between vulnerability disclosure and exploitation. The report combines telemetry from vulnerability intelligence, incident response, and dark web monitoring to present trends in threat acceleration.
2. Surge in Exploited Vulnerabilities and Timeline Compression
Exploited high and critical severity vulnerabilities more than doubled from 71 in 2024 to 146 in 2025, a 105% increase. Weaponization timelines contracted sharply, with the median time to CISA KEV catalog inclusion falling from 8.5 days to 5 days and the mean time from 61 to 28.5 days.
3. Identity Exposure, Ransomware, and AI Acceleration
Valid accounts lacking multi-factor authentication accounted for 43.9% of Rapid7’s incident response engagements, making it the leading intrusion vector. Ransomware was involved in 42% of investigations and leak posts rose 46.4% to 8,835, while adversaries are embedding generative AI to expedite phishing, scripting, and evasion tactics.
4. Implications for Rapid7's Security Operations
The accelerated attack cycle underscores demand for preemptive, AI-driven security operations. Organizations must prioritize rapid remediation and integrate detection and response, positioning Rapid7’s Command Platform as critical for managing compressed exploit windows and evolving threat behavior.