Averlon today announced Precog, a predictive remediation capability that identifies exploitable risk in proposed code and infrastructure changes and delivers the fix to developers before the change reaches production. Precog addresses a widening gap: AI is accelerating both code delivery and vulnerability discovery, and security teams can no longer manage risk only after it lands in production.
The need for this shift is becoming urgent. Google Cloud’s Mandiant M-Trends 2026 report found that mean time to exploit collapsed from 63 days in 2018 to an estimated minus seven days in 2025, meaning exploitation now often begins before a patch is available. New frontier models such as Claude Mythos and GPT-5.5-Cyber are making it increasingly clear that AI will compress the time required to discover, validate, and exploit vulnerabilities. The result is a widening gap between the speed at which risk is discovered and exploited, and the speed at which security teams can triage and fix it.
The industry is converging on a new operating model: Remediation Operations, or RemOps. The premise is simple: finding risk and closing risk are different problems. Security teams do not need more alerts; they need a way to understand what is truly exploitable, prioritize by business impact, and drive safe fixes through developer workflows.
Averlon’s Remediation Operations platform addresses the full lifecycle of risk reduction: ingesting security findings, determining what is truly exploitable, prioritizing by business impact, and driving agentic remediation through developer workflows. The platform has helped customers reduce remediation time by up to 90 percent and alert noise by up to 95 percent, helping security teams move from backlogs of thousands of findings to the handful that need fixing.
With Precog, Averlon extends that model earlier in the lifecycle by preventing exploitable risk before it becomes production exposure. Unlike security scanners that flag findings based on generic severity scores, Precog evaluates whether a proposed change would actually be exploitable in the customer’s real environment, accounting for internet reachability, exposed services, and existing compensating controls. This contextual analysis means Precog surfaces the changes that genuinely create exposure, not the long tail of theoretically risky findings that wouldn’t be exploitable in production. Precog integrates into CI systems such as GitHub, evaluating proposed changes before they reach production.
When risky changes are detected, Precog identifies the issue, explains the exploitable path, and generates a remediation directly in the developer workflow. Developers receive the proposed fix at the same time they are notified of the risk, reducing friction between security review and software delivery.
“AI is changing both sides of the software lifecycle. It is accelerating development while also introducing code that is often not ready for production. With AI also accelerating the discovery and exploitation of weaknesses in that software, security teams can no longer rely only on post-production detection and backlog management. Capabilities like Averlon’s Precog point to where the market is headed: identifying risky changes earlier and helping developers fix them before they become production exposure.”
Chris Steffen, VP Research, Enterprise Management Associates
Complementing Precog is Vulnerability Intelligence, Averlon’s CVE research feed at research.averlon.ai, which gives teams the context they need to triage emerging vulnerabilities, including exploitability, attacker requirements, required privileges, user interaction, and evidence of exploitation in the wild.
“Security teams have relied on finding and fixing vulnerabilities after they reach production. AI has made that untenable from both directions: it is generating new vulnerabilities faster than teams can triage them, and it is collapsing the window between exposure and exploitation. You cannot remediate your way out of that. The only way to stay ahead is to prevent exploitable risk from reaching production in the first place. That is what Precog does.”
Sunil Gottumukkala, CEO, Averlon
Supporting Resources
Read the research and see Precog in action:
- Precog: Preventing Exposure Before the Backlog (blog): averlon.ai/blog/averlon-precog-preventing-exposure-before-backlog
- Vulnerability Remediation: Down and Up We Go (blog): averlon.ai/blog/vulnerability-remediation-down-and-up-we-go
- Vulnerability Intelligence Brief #1 (research): averlon.ai/blog/vulnerability-intelligence-brief-cve-2025-11953-react-native-metro-command-injection
- Vulnerability Intelligence (live research feed): research.averlon.ai
- Precog Demo Webinar (recording): averlon.ai/webinars/preventing-exploitable-risk-demo
- RemOps End-to-End Demo (recording): averlon.ai/webinars/remediation-ops-live-demo
- Averlon Platform: averlon.ai/platform
About Averlon
Averlon is pioneering Remediation Operations, helping security teams move from vulnerability findings to safe, prioritized fixes. Its agentic AI identifies what is truly exploitable and automates remediation directly within developer workflows. Averlon is trusted by security teams at enterprises and fast-growing companies to efficiently scale their security programs. Founded in 2022, Averlon is backed by Salesforce Ventures, Voyager Capital, and Outpost Ventures.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260520822537/en/
Media gallery
