The Cyber Risk Triage is Collapsing - #0084, Shimon Tolts episode artwork

EPISODE · Jul 3, 2026 · 37 MIN

The Cyber Risk Triage is Collapsing - #0084, Shimon Tolts

from The Spiro Circle · host James Spiro

Jira tickets used to sit open for years. A medium-severity vulnerability, flagged by a routine scan, could be assigned to an engineer who had bigger fires to fight. It had largely been that way for years: patch the criticals, manage the highs, let the mediums age. When it came to CVEs (Common Vulnerabilities and Exposures), a publicly available list of known cybersecurity flaws in software and hardware, nobody was going to weaponize one rated 5.4. But in today’s world, that’s no longer true.“In 2020, [if] there was a CVE reported and a security hole, it would take more than a year until there was a public exploit,” said Shimon Tolts, CEO and co-founder of Tel Aviv-based cloud security startup Copperhelm. “Nowadays, with Claude and OpenAI and other players, the time has shrunk from one year to one day. So now you treat every CVE, every security issue that you have, as immediately exploitable.”The data confirms what Tolts describes. The mean time between a vulnerability being discovered and its exploitation has dropped from nearly a year in 2021 to just over a day in 2026, with industry projections suggesting the window will shrink to one hour by 2027. Rapid7’s 2026 Global Threat Landscape Report found that what once unfolded over weeks now materializes in days (and in some cases, minutes), with the median time between vulnerability publication and inclusion on CISA’s Known Exploited Vulnerabilities catalog falling from 8.5 days to five.The implications invalidate an entire category of enterprise risk management.For decades, security teams built their workflows around severity scores. The National Vulnerability Database, operated by the National Institute of Standards and Technology (NIST), classified every disclosed flaw as ‘critical’, ‘high’, ‘medium', or ‘low’ - and organizations built their response hierarchies accordingly. Fix the criticals immediately, schedule the highs, and then defer the rest. That model is now under institutional strain: CVE submissions surged 263% between 2020 and 2025, and starting April 15, 2026, NIST announced it would only prioritize enrichment for a narrow subset of vulnerabilities, such as those already on CISA’s exploited list, those affecting federal systems, or those covered by Executive Order 14028. This would leave the majority of newly disclosed flaws without severity scores. “You’ll no longer be able to use the old risk management methodology of saying ‘I’m only going to fix criticals’,” Tolts explained. “Because you’re not going to have a severity anymore.”The shift has a compounding effect. AI models are not only accelerating exploitation timelines, but they are also discovering vulnerabilities at a rate that human analysts cannot process. NIST enriched nearly 42,000 CVEs in 2025, 45% more than any prior year, and forecasts from the Forum of Incident Response and Security Teams projected a record 50,000 additional CVEs to be reported in 2026 (these figures do not yet account for the accelerating contribution of AI-powered vulnerability discovery tools like Claude Mythos and GPT-5.4-Cyber).Every day, the cyber world is facing more vulnerabilities, faster exploitation, and fewer severity scores to guide triage. But security teams are still largely operating through manual workflows designed for a different era.Copperhelm’s answer is autonomous investigation and remediation, already backed by a $7 million seed round led by TLV Partners and deployed in Fortune 500 environments. The platform uses a proprietary “Context Lake” to structure cloud data across environments, enabling AI agents to continuously monitor infrastructure, investigate threats, and execute real-time remediation without manual handoffs. Tolts describes the practical effect in terms his customers already understand: one client arrived with 10 million open vulnerabilities and two home-made severity categories above “critical” — labels they had invented themselves because the official scale had run out of runway.“Your window of response has shrunk, and you need to autonomously take care of it,” Tolts said. “It’s no longer the case where you can just open a Jira ticket and wait for some engineer to fix it in one year or one month, because now you’re gonna get exploited very, very fast.” Get full access to The Spiro Circle at www.thespirocircle.com/subscribe

NOW PLAYING

The Cyber Risk Triage is Collapsing - #0084, Shimon Tolts

0:00 37:36

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Big Old Life: Heather Blackbird interviews people on planet earth. Heather Blackbird loves asking questions. This podcast is a learning experience. Join me, Heather Blackbird, as I talk to people about their lives. Frequency of new episodes is a little all over the place and I'm learning as I go. Big Old Life is a small way of talking about the vastness of life, one person at a time. If you are reading this or found this podcast it's probably because someone you know gave you a link to it. :) Explicit Tales Of A Superstar DJ The Insomniac Spun seemingly out of nowhere from her complacent life in the corporate world, turned seemingly overnight from 16-Hour shift work and into the life of a literally starving artist and working musician, The Protagonist navigates her supposed rise to fame and superstardom on a journey through spiritual awakening, coming-of-age, and intimate self-realization--guided by an omnipresent force and equipped with the power of love, magic, and music. {Enter The Multiverse.} [The Festival Project] The Festival Project, Inc.™ is a multidimensional multimedia platform which encompasses exploratory and artistic social personifications and expressions on cosmic theory, spirituality, growth, health & wellness, philosophy and theoretic dynamics in entertainment such as music, design, film, television, radio, dance and festival culture, art, fashion, literature, and science. The Festival Project™ and its subsidiary Non-Profit, The Collective Complex © aims to challenge modern artistic and philosop Explicit Bitcoin Is Dead Trey Carson Welcome to Bitcoin is Dead, the ultimate Bitcoin variety show where host Trey takes you on a journey through the ever-evolving world of Bitcoin. Each episode brings new personalities, fascinating locations, and insightful conversations with politicians, educators, and innovators shaping the future of Bitcoin. Whether you're a seasoned Bitcoiner or just starting your journey, tune in for thought-provoking discussions, unique perspectives, and a deep dive into the ideas and people driving the Bitcoin revolution. Explicit The Sacred +Profane Podcast nephtaragrace The Sacred + Profane Podcast is a provocative conversation dedicated to cementing a better future for all. We specialize in unpacking the nuances of what is considered sacred and profane, particularly focusing on sex, death, and all that pertains to the circle of life. Our aim in focusing on such ”taboo” subject matter is to demystify what is unconscious, bring to light what has been known for centuries as ”the occult,” and empower the rapid transformation that is occurring on the Planet. Explicit

Frequently Asked Questions

How long is this episode of The Spiro Circle?

This episode is 37 minutes long.

When was this The Spiro Circle episode published?

This episode was published on July 3, 2026.

What is this episode about?

Jira tickets used to sit open for years. A medium-severity vulnerability, flagged by a routine scan, could be assigned to an engineer who had bigger fires to fight. It had largely been that way for years: patch the criticals, manage the highs, let...

Can I download this The Spiro Circle episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!