The time between a vulnerability being discovered and a vulnerability being exploited used to be measured in weeks. Now it’s hours.

That's not a forecast. It's happening in production environments today.

Faster code generation means more attack surface shipping every sprint. AI-assisted discovery tools don’t just help defenders find flaws, they help attackers find them first. The moment a vulnerability exists, the race has already started.

If your AppSec program hasn't been recalibrated for this environment, the backlog isn't just a workload problem. It’s a warning sign.

On June 25, Mend.io is hosting a live session on what’s actually changed, what the data shows, and what security programs need to do differently, before the next sprint ships.

Glasswing, Mythos, and the New Rules of AppSec
June 25, 2026 | 11:00 am ET | Live Q&A