Anthropic Advocates EPSS Amid Rising Vulnerability Exploitation Risks

Severity: Medium (Score: 54.9)

Sources: Csoonline, www.first.org

Summary

Anthropic's AI tool, Mythos, has exacerbated the existing challenges in vulnerability management by increasing the speed of vulnerability discovery and exploitation. The company recommends using the Exploit Prediction Scoring System (EPSS) to prioritize vulnerabilities, suggesting that organizations should patch the Known Exploited Vulnerabilities (KEV) list first and then address CVEs above a specific EPSS threshold. EPSS provides a probabilistic model that estimates the likelihood of exploitation within 30 days, offering a data-driven approach to vulnerability management. The National Institute of Standards and Technology (NIST) has recently limited its vulnerability database updates due to the overwhelming number of new vulnerabilities, highlighting the strain on current systems. The average time to exploit a vulnerability is projected to drop to one hour this year, indicating an urgent need for effective prioritization methods. Security leaders are encouraged to adopt machine-learning approaches to manage vulnerabilities more effectively. Key Points: • Anthropic recommends EPSS for prioritizing vulnerabilities amid increased exploitation risks. • The average time to exploit a vulnerability is projected to reach one hour in 2026. • NIST has scaled back its vulnerability database updates due to the overwhelming volume of new CVEs.

Key Entities

• Government (industry)
• Healthcare (industry)