Identify and close IT vulnerabilities even before they are officially listed.
The discovery of 12 critical vulnerabilities in OpenSSL in January 2026 by the AISLE research project illustrates a structural deficit in the software supply chain. What is particularly worrying is that the CVE-2025-68160 vulnerability had been present in the source code since 1998. The fact that this 28-year-old vulnerability has only now been identified is due to a decisive technological factor: it was detected by artificial intelligence (AI).
AI shortens the time from exploit to attack - LocateRisk Preemptive Intelligence shortens your response time.
This is a turning point for IT managers: when AI identifies and exploits vulnerabilities fully automatically, solutions are needed that recognize risks even if they are not yet officially documented. LocateRisk has integrated Preemptive Intelligence into its EASM and VRM solutions for this purpose. The aim is to close the information gap between a risk becoming known and its official listing by the National Vulnerability Database (NVD) and to enable companies to act immediately.
The new speed: exploits in minutes
The use of AI by security researchers is only one side of the coin. In the hands of attackers, this technology fundamentally changes the time scale of cyber attacks.
Automated exploit generation: In future, AI models will analyze the underlying error within a few minutes of a software update or bug report being published and develop functional exploits.
Race against time: The time between a vulnerability becoming known and the first attempted attack is drastically reduced. Conventional patch cycles, which take days or weeks, cannot keep up with this pace. The update has often not yet reached the company's deployment process, while the systems are already under attack.
Focus on the external attack surface: As OpenSSL forms the backbone of Internet encryption (TLS), these vulnerabilities can be triggered directly via the public Internet. Not only core IT is affected, but shadow IT in particular: forgotten dev servers, outdated VPN gateways or cloud instances that operate outside of central control. The BSI also describes the urgency of continuous attack surface management in its latest situation report: "Protecting attack surfaces will be the decisive lever for improving cyber security in 2026."
The data vacuum: when the NVD becomes a bottleneck
A central problem in vulnerability management is the existing mapping deficit. Many companies rely primarily on publications from the National Vulnerability Database (NVD). However, this institution has been struggling with considerable backlogs in the enrichment of metadata since 2024.
Delay: In March 2025, 25,000 CVEs were awaiting analysis, almost 50% more than in August 2024. Although NIST has taken action, a significant backlog remains.
Consequence: In an environment where AI exploits emerge within minutes, waiting for official database updates is a high security risk for the IT infrastructure.
The shortcut: Preemptive Intelligence from LocateRisk
By identifying critical software versions immediately after vulnerability discovery, LocateRisk shortens the so-called mapping gap. While many solutions wait for the NVD (National Vulnerability Database) analysis, leaving companies blind to new threats for days, LocateRisk EASM (External Attack Surface Management) with Preemptive Intelligence compensates for this dangerous loss of time and notifies you even before the official mapping. You gain a head start and can initiate the necessary protective measures immediately. More about External Attack Surface Management (EASM).
An OpenSSL gap in your infrastructure is a problem; a gap at your critical IT service provider can quickly become a disaster. LocateRisk also enables you to continuously and automatically monitor the security situation of third-party providers and the entire supply chain. Learn more about Vendor Risk Management (VRM).
Conclusion
The AI discovery of the OpenSSL vulnerabilities is a wake-up call. The defense of your IT infrastructure can only keep pace with developments through high automation and speed in the security process. Preemptive Intelligence makes an important contribution to this.
Identify and reduce your cyber risks through a comparable and understandable overview of your IT security. Let our experts advise you and find out how LocateRisk can help you address your cyber risks.
Want to find out more, book a demo or simply exchange ideas? We look forward to hearing from you!