Skip to main content
TechnologyJun 1, 2026· 2 min read

Active Exploits Protection, Proofpoint's AI-Based Protection

Proofpoint has made available Active Exploits Protection, a security solution that stands out for identifying vulnerabilities within an infrastructure, prioritizing those that are actively exploited by attackers in the field.

Not all critical vulnerabilities have the same operational impact. Public databases, severity scores, and catalogs like CISA's KEV are useful tools, but they don't always keep pace with the speed of attackers. In some cases, malicious activity begins before the risk is tracked in public systems.

Active Exploits Protection aims to address this problem.

Not all vulnerabilities have the same impact, even with equal severity.

According to Proofpoint, less than 6% of detected vulnerabilities are actually exploited in real attacks. For IT teams, this means needing to distinguish between what is serious on paper and what is already entering attack chains.

Active Exploits Protection is designed to help security teams focus their efforts where it is most urgent.

Proofpoint bases this analysis on its visibility into email attacks and a global network of sensors. The company claims to analyze hundreds of millions of email interactions every day and generated over three million alerts related to exploits in 2026. In the same year, Proofpoint states it identified 12 CVEs that were already actively exploited, compared to the eight listed in CISA's KEV catalog at the time indicated in the material.

Automatic Protection and Integration into SOC Processes

Active Exploits Protection not only alerts on the vulnerability but also activates countermeasures automatically. Proofpoint estimates about 35 seconds for converting information into protection and less than 18 minutes for propagation across the entire network.

This approach is particularly relevant in cases where patch installation takes a long time: complex environments, critical systems, tight maintenance windows, or applications that cannot be updated immediately. In these scenarios, temporary protection based on actual attacker activity can reduce risk during the period leading up to the final fix.

The solution can be integrated with SOC tools, vulnerability management platforms, and automation systems. Intelligence on exploits is also accessible via API, so it can be integrated into existing workflows in the company.

"The speed at which threats evolve has radically changed the risk equation," declares Sumit Dhawan, CEO of Proofpoint. "It is no longer enough to identify vulnerabilities: organizations must understand in real-time what is being exploited by attackers and immediately reduce their exposure. By combining intelligence on actual exploits with protective measures along the main attack paths, we can help companies defend themselves at the same speed that threats spread today."

"With threats accelerated by AI exploiting vulnerabilities faster, corporate security teams need a more precise view of what attackers are targeting," comments Vishal Salvi, Global Head of Cybersecurity Service Line at Cognizant. "Proofpoint Active Exploits Protection offers just this focus, and Cognizant aims to help its clients operationalize it through our managed security and threat response services, so they can prioritize resolving issues where it matters most."