Black Kite’s 2026 report says supply chain security is being overwhelmed by rapid vulnerability growth, with more than 48,000 CVEs published in 2025 and exploitation often happening before patches are released. The report argues that organizations need far better visibility into which vulnerabilities are truly reachable and critical, especially as AI, agentic systems, and weak software supply chain controls make the problem worse. #BlackKite #Mandiant #CrowdStrike #OpenAI #TanStack #MistralAI #UiPath #Jenkins #OpenBSD
Keypoints
- More than 48,000 CVEs were published in 2025.
- Time to exploitation is now shorter than patching cycles.
- Only 58 high-priority CVEs were truly discoverable and exploitable in supply chains.
- AI and agentic systems are increasing exposure and reducing visibility.
- SBOMs and better visibility are needed to focus on the most critical risks.