Subscribe to get the latest updates and resources
Enabling faster, higher-quality vulnerability disclosure in the AI-driven age in partnership with the CVE™ Program
BOSTON, June 2, 2026 – Cynet has officially been recognized as a CVE Numbering Authority (CNA) by the CVE Program. This milestone not only marks an important step in how we contribute to broader vulnerability disclosure, but it also comes at a time when that process is under increasing pressure to evolve.
AI is accelerating both vulnerability discovery and exploitation, challenging traditional patch management cycles and making it difficult to distinguish signal from noise. This year’s Verizon Data Breach Investigations Report (DBIR) found organizations had 50% more critical vulnerabilities to patch than the previous year, while median time for full resolution went up from 32 days to 43.
As a CNA, we own the assignment and publication process for vulnerabilities in Cynet products and services, which means faster, more accurate disclosure directly from the source. When we publish a CVE Record, we control the quality of the data. We can include CVSS scores, CWE classifications, affected versions, and mitigation guidance directly in the record, backed by our years of vulnerability and exposure management experience. This means security teams can make faster, more informed prioritization decisions when exploitation times are shrinking.
(Not to mention: Our CyOps team of 24×7 MDR security experts is always available to answer partner and customer questions, and regularly publish their observations on common and emerging attack paths to the wider industry. To see why they’ve earned a 95% satisfaction score, check out CyOps research on our blog.)
“Becoming an authorized CNA matters more right now because of how AI is changing vulnerability disclosure and exploitation,” said Shivtej Tata, Director of Information Security at Cynet. “We’re proud to collaborate with the CVE Program and own our piece of the vulnerability disclosure ecosystem at a moment when speed and data quality are critical.”
The CVE Program is an international, community-driven effort that enables organizations, researchers, and security tools to consistently identify and track vulnerabilities using standardized CVE Records that are published on the CVE List.
As part of this milestone, we’ve updated our Responsible Disclosure Policy to reflect our new role, including clear guidance on how and when CVE IDs are assigned, what the disclosure timeline looks like, and what both reporters and customers can expect throughout the process.
For more on our responsible disclosure policy, security advisories, and our commitment to transparency, visit the Cynet Trust Center.
About Cynet
Cynet’s unified, AI-powered cybersecurity platform delivers a comprehensive suite of security capabilities in a single, simple solution backed by 24×7 SOC security experts. As a global cybersecurity company, Cynet is purpose-built to enhance protection for small-to-medium enterprises and empower partners to maximize margins while delivering world-class security. For more information, visit www.cynet.com.
Media Contact
Cynet Communications
Press@cynet.com
Resources
Search results for:
