Exploitation is rising, network edge products are taking hits, and vulnerability management can’t stop at scanning and scoring anymore.
Rapid7’s threat data reveals vulnerability exploitation moving ahead of social engineering as a leading initial access method, while
VulnCheck’s 2026 data showed how quickly the problem is growing. VulnCheck found 25 CVEs disclosed in 2026 that are already being routinely targeted, including flaws in network edge products from Ivanti, BeyondTrust, Cisco, and others. The company has also added 394 new known exploited vulnerabilities so far this year, up 59% from the same period in 2025.
Why does this matter to MSSPs? Knowing which vulnerabilities exist was never the hard part. Customers need help figuring out which ones are actually dangerous, what to fix first, and whether the fix worked. That gets harder when some flaws are already tied to ransomware, botnets, and state-linked activity, and when remediation has to be proven, not assumed.
The opportunity is in helping customers prioritize risk, coordinate patching, validate remediation, and explain progress to leadership without drowning everyone in CVE lists. Tools are starting to support that shift. Tenable OPEN, for example, connects exposure data across products so teams can move faster from findings to action. The conversation for MSSPs is now moving from finding the risk to actually and practically reducing it.
Market Pulse: Cybersecurity Deals, Funding, and Platform Shifts
Cycurion to acquire Secuvant to expand managed security and risk services: Cycurion has agreed to acquire Secuvant in a deal that adds MDR, SOC-as-a-Service, incident response, vulnerability management, and compliance capabilities to its cybersecurity services business. Cycurion said Secuvant’s Panoptic platform, cyberRPM tools and Cyber7 methodology will be combined with its AI-powered ARx platform and recent HavenX integration to support more automated threat detection, vulnerability prioritization and response workflows. This is another one that points to continued consolidation around AI-assisted security operations, where the value is moving toward faster triage, lower manual workload, and managed remediation across mid-market, enterprise, and critical infrastructure customers.
Tenable OPEN gives MSSPs a broader exposure management service play: Tenable’s OPEN launch is giving MSPs, MSSPs and channel partners a clearer services play around exposure management. The program connects Tenable One with third-party tools, internal systems and AI-driven workflows, allowing customers to bring outside data into Tenable and send exposure insights back into the tools they already use for reporting, remediation and operations. Most security teams are not struggling with a lack of findings but to understand which risks matter, who owns the fix and how to move faster without adding more manual handoffs. For MSSPs, OPEN creates room to package services around integration setup, exposure data normalization, risk-based prioritization, customer reporting and remediation coordination.
CrowdStrike brings Claude audit data into Falcon for AI security monitoring: CrowdStrike has added a new Claude Compliance API integration that brings Anthropic Claude audit data into the Falcon platform, giving security teams more visibility into how AI tools are being used across the enterprise. The integration pulls Claude activity into Falcon Next-Gen SIEM, including authentication events, user activity logs, administrative changes and API usage, so analysts can view AI activity alongside endpoint, identity, cloud and third-party security data. CrowdStrike is also tying the integration to Charlotte Agentic SOAR, so certain AI-related risks can trigger automated investigation and response workflows. This is a bigger service opportunity for MSSPs around AI governance, detection and response, where monitoring AI activity becomes part of managed SOC operations rather than a separate compliance exercise.
Socket raises $60M to secure AI-driven software development: Socket has raised a $60 million Series C round at a $1 billion valuation, led by Thrive Capital with participation from Andreessen Horowitz, Abstract Ventures and Capital One Ventures. The funding brings Socket’s total capital raised to $125 million and will support expansion of its software supply chain security platform as AI accelerates how developers write and ship code. The company is focusing the new funding on Socket Firewall, Certified Patches, broader protection across package managers, browser extensions, code editor extensions, MCP servers and AI tools, and upcoming product launches.
Ocean launches from stealth with $28 million in funding: Ocean has launched from stealth with $28 million in funding and a focus on one of the most familiar problems in enterprise security: email attacks that are getting harder to spot. The round was led by Lightspeed Venture Partners, with participation from Picture Capital, Cerca Partners, and several angel investors from the cybersecurity market. The company is positioning itself around agentic email security. Its platform uses AI agents to investigate emails in real time, looking at the sender, message content, links, technical infrastructure, and business context before deciding whether a message can be trusted.
Have news to share or just want to connect? Reach anytime at [email protected].
