Qevlar’s new AI agents correlate CVEs, incident data, and active exploitation signals

Qevlar has announced a new set of AI agents designed to bridge the disconnect between Security Operations Centers (SOCs) and vulnerability management teams. The new capabilities help security teams correlate CVEs with live incident data for real-time risk prioritization, automatically identify asset owners to speed remediation, and autonomously hunt for active CVE exploitation. General availability is scheduled for Fall 2026.

Finding and exploiting zero-day vulnerabilities has never been faster or easier than in 2026. According to Mandiant’s 2026 report, the mean time to exploit vulnerabilities has dropped to an estimated -7 days, meaning exploitation is now occurring before a patch is released.

At the same time, AI systems such as Claude Mythos are lowering the barrier to identifying and operationalizing zero-days, accelerating the speed and scale of exploitation. These shifts are collapsing the traditional response window and exposing the limits of disconnected SOC and vulnerability management workflows.

SOC and vulnerability teams hold complementary attack signals but lack a shared workflow or data layer to act on them together. Because incident response and vulnerability management are typically separate functions within organizations, teams operate in silos, resulting in fragmented processes and ad hoc collaboration. As a result, adversaries operate freely across the gaps between them.

Qevlar addresses these challenges with three new capabilities:

• Vulnerability Exploitation Hunter automates the translation of CVE data into hunt queries and proactively searches environments for active exploitation, compressing time from disclosure to detection.
• CVE Exploitation Intelligence Exchange is a shared intelligence layer that lets both teams operate from the same real-time context on vulnerabilities and their live exploitation.
• Asset Owner Agent automatically reconciles ownership across CMDB, identity, and operational data sources.

“The goal of security teams is no longer just to be faster, but to become stronger over time, continuously reducing the gaps attackers can exploit,” said Ahmed Achchak, CEO of Qevlar.

“Most AI SOC tools optimize for speed. We are building for compounding defense. That only happens when you break down the silos between security teams, connect every signal across the security stack, and make the system learn from past cases. Bringing SOC and vulnerability data together is a key step in that direction,” Achchak concluded.