In 2019, the average exploitation time for a vulnerability was 60 days. By 2025, exploits were available in the wild before disclosure - a shift that renders the industry-standard 67-day patching cycle indefensible. Add an AI-driven surge in vulnerability volume and the result is a risk management model built for a world that no longer exists. The move from attack surface management to risk surface management is no longer optional.

This session, led by Himanshu Kathpal of Qualys, will cover:

• Why CTEM dashboards and MTTR metrics no longer reflect business-level risk in the AI era;
• How hyper-prioritization and autonomous remediation workflows close the gap between exposure identification and actual risk reduction;
• What cyber risk quantification looks like when security outcomes must be expressed in business value, not vulnerability counts.