Cyber Index #61 - Exploit time down to half a day, Nordic cyber budget data, and automotive vulnerabilities double
This week's Cyber Index roundup: 7 reports on AI-compressed exploit speed, automotive vulnerabilities doubling, cloud AI security gaps, Nordic CISO budgets, and multi-turn attacks on frontier models.
This Week’s Cybersecurity Eye-Openers
A quieter week for research, with only seven new reports, but the data points that surfaced are well worth your time. Three stats that jumped out at us:
1. Automotive vulnerabilities doubled in 12 months
265 unique automotive-specific vulnerabilities were identified in Q1 2026, up 102% from the same quarter a year earlier. One report this week even documents a cloud misconfiguration that locked thousands of drivers out of their cars for weeks.
2. Exploits now ship faster than security updates
AI-assisted exploit development has compressed the average time from vulnerability disclosure to a working exploit from 125 days in January 2025 to just half a day by April 2026. 62% of critical vulnerabilities with known exploits had working attacks available before scanner detection signatures even shipped.
3. Organizations can’t enforce their AI security plans
There is a 51-point gap between organizations’ intent to secure AI in the cloud and their capability to enforce it. Only 26% say they have the architecture in place to execute their strategy.
Big Picture Reports
ISC2 Research: Cybersecurity Professionals Want Leaders Who Have Been Through a Major Incident
No CISO wants to deal with a major security incident, but the upside of having lived through one is that they are far more likely to be seen as an effective leader.
Incident experience counts:
- 76% of people working in cybersecurity roles agree that previous leadership experience during a high-profile incident bolsters a leader’s credibility.
- 95% mark the ability to communicate risk to senior leadership and boards as very important in a leader.
- 34% are very confident in the current leadership in cybersecurity.
AI Security
Proprietary Problems: How Frontier Closed Models Collapse Under Iterative Pressure (Cisco)
New AI models can look secure in a single conversation, but if you keep pushing them with follow-up attacks, many fall apart, and some get dramatically worse with each attempt.
Multi-turn attacks do more damage:
- Multi-turn attack success rates range from 7.89% to 88.30% across proprietary flagship models.
- GPT-5.4 moves from 2.74% single-turn to 24.68% multi-turn, a ninefold increase.
- Grok 4.1 Fast in its non-reasoning configuration records a multi-turn attack success rate of 88.30%.
Vulnerability Management
The Detection Gap: How Exploits are Outpacing Scanners (Cogent Security)
Time to exploit is basically nothing now.
Exploits ship before detections:
- AI-assisted exploit development compressed the average time from disclosure to a working exploit from 125 days in January 2025 to half a day by April 2026.
- 62% of critical vulnerabilities with known exploits had working exploits available before scanner detection signatures were shipped.
- 55.7% of critical CVEs never received any scanner coverage.
Stop Counting CVEs: What Actually Mattered in Q1 2026 (Root Evidence)
The industry publishes tens of thousands of vulnerabilities every year. Almost all of them will never hurt anyone.
Most CVEs don’t matter:
- Only 1.4% of publicly disclosed vulnerabilities are known to be exploited in real-world attacks.
- 36.5% of known-exploited vulnerabilities have a CVSS score of 9.0 or higher, while 63.5% are rated high, medium, or lower.
- Over 80% of known-exploited vulnerabilities have no Metasploit module.
Cloud Security
2026 Cloud Security Report: Securing the AI Transformation (Check Point)
Organizations want to secure AI in the cloud. What they are capable of doing in practice is a different story.
Strategy and capability don’t match:
- Only 26% of organizations report having the architecture to enforce their AI-related cloud security strategy.
- 78% report confirmed or suspected AI-related security incidents over the past year.
- 24% say they have no AI-specific access controls.
Industry-Specific
Global Automotive Cybersecurity Report Q1 2026 (PCA Cyber Security)
The automotive industry had a rough start to the year.
Vulnerabilities doubled in a year:
- 265 unique automotive-specific vulnerabilities were identified in Q1 2026, a 102% year-on-year increase versus Q1 2025.
- Competitors at Pwn2Own Automotive 2026 in Tokyo found 76 unique zero-days.
- Ransomware groups exfiltrated nearly one terabyte of data from a major Asian vehicle manufacturer’s customer and dealership environment in early January 2026 via a third-party vendor.
Regional Spotlight
Threat Labs Report: Europe 2026 (Netskope)
Almost every organization in Europe now uses AI, and employees regularly upload regulated data and source code to their personal AI accounts.
Regulated data is leaking into AI:
- About 99% of organizations in Europe use AI.
- 59% of data policy violations across AI and personal cloud applications involve regulated data.
- 15% of data policy violations involve source code.
Nordic CISO Report 2026 (Truesec)
Some encouraging data on Nordic CISOs and Nordic security budgets.
Severe incidents dropped sharply:
- In 2026, only 9% of Nordic CISOs reported an increase in severe cybersecurity incidents, compared to 53% in 2025.
- Cybersecurity budgets among Nordic organizations remain in the 5 to 10% of IT budget range, with an average of around 7%.
- 32% of Nordic CISOs cited identity-related attacks as their primary concern.
