The time it takes for a threat actor to compromise a target and begin moving laterally through their network continues to shrink in the AI era, forcing defenders to change how they respond to attacks fundamentally. One of the data points that security teams and MSSPs traditionally have relied on is the severity scores given to known vulnerabilities.
However, that time is passing, according to
Megan Horner, director of product marketing at
Seemplicity.
“For years, severity scores like CVSS gave security teams a reasonable starting point for prioritization,” Horner told MSSP Alert. “That worked when the window between disclosure and active exploitation was measured in weeks or months. AI has collapsed that window significantly. Threat actors are now using AI to accelerate reconnaissance, automate weaponization, and scale attacks faster than any team can respond using a static scoring system.”
Another concern as AI-based attacks become the norm is that severity scores are “context-blind,” which skews the urgency that’s needed, she said. A flaw with a critical CVE (Common Vulnerabilities and Exposures) score found in a system that is fully protected is much less of a threat than a CVE with a medium severity score. Without the necessary context, security teams end up chasing the theoretical risk while dangerous exposures go unaddressed.
“That's always been an efficiency problem,” Horner said. “At AI speed, it becomes a genuine security risk.”
Closing the speed gap
Seemplicity’s agentic AI-based Exposure Action Platform is designed to close the gap between finding bugs and fixing them using teams of agents, automatically sorting through alerts, dashboards, and reporting to ensure compliance. The six-year-old company week is rolling out a new capability called EDR Compensating Controls Awareness that embeds real-time endpoint detection and response (EDR) data into exposure management workflows, giving security teams and MSSPs real-time risk data that they can act on immediately.
“Rather than layering more scores on top of existing scores, we're pulling live configuration data directly from EDR tools like
CrowdStrike and
Microsoft Defender and using it to evaluate whether a vulnerability is actually blocked on a specific asset,” Horner said. It’s “not whether a control exists somewhere in the environment generally, but whether it's working on that particular machine right now.”
From CVE to CWE
Seemplicity’s new feature also maps vulnerabilities from CVE to CWE (Common Weakness Enumeration), which is used to assess whether an endpoint control that is in place can block a particular attack technique. In addition, every decision made through EDR Compensating Controls Awareness comes with transparent reasons so security teams and engineers can see how a prioritization call was decided.
“That shared visibility matters a lot in practice, because it's what gets both sides moving in the same direction,” she said. “Teams can also query Seema, our built-in AI assistant, for plain-language answers about their EDR coverage and gaps without needing to dig through dashboards.”
AI threats defined by speed
AI-powered acceleration of cyberattacks – along with AI enabling lesser-skilled adversaries to launch such attacks – has become a defining factor in cybersecurity. Security researchers with
Google Threat Intelligence Group (GTIG) and
Mandiant in April
wrote that “continued advancements in these capabilities will increasingly make exploit development achievable for threat actors of all skill levels, significantly compressing the attack timeline.”
“Now, as threat actors leverage AI to significantly multiply their offensive output, enterprise defenders cannot rely on human-speed patching protocols to keep up,” they wrote. “When organizations are confronted with an AI-enabled surge in vulnerabilities, traditional security tooling and manual triage will fail to keep pace.”
They added that “to prepare for this reality, organizations must integrate AI defensively, shifting the role of the security practitioner from manual investigator to strategic coordinator.”
MSSPs are 'managing the problem at scale'
The need to adopt AI and automation to match the machine-speed at which bad actors are working is just as critical for MSSPs as it is for corporate security teams, according to Seemplicity’s Horner. The challenge is that MSSPs are managing the problem at a scale that most internal security teams will never face.
“It's not one vulnerability backlog, but dozens or hundreds running in parallel, across clients with different tools, different configurations, and different risk profiles,” she said. “The margin for error on prioritization is thin, and the time available to make those calls is even thinner.”
EDR Compensating Controls Awareness can reduce the burden by surfacing real-time, asset-specific protection context directly into remediation workflows, she said.
“MSSPs can make faster decisions about what genuinely needs attention across their client base without manually correlating EDR telemetry against vulnerability data for each environment separately,” Horner said. “The reasoning trails also give MSSPs something concrete to bring to client conversations about why certain risks were acted on, and others were not.”
MSSP clients “are asking harder questions about ROI and decision-making than they used to, and being able to explain the logic clearly is increasingly part of the job,” she said.
The introduction of EDR Compensating Controls Awareness is the most recent in a number of steps Seemplicity, which
raised $50 million in Series B money last year, has taken to build up the AI capabilities in its platform. The company, in February, introduced the Seema natural-language AI assistant and, in October 2025, unveiled its
suite of AI agents that address everything from insights to remediation.
