---
name: exploit-scoring
version: "1.0.0"
description: Real-World Exploit Priority (RWEP) scoring — CVSS plus KEV, PoC, AI-acceleration, blast radius, live-patch factors
triggers:
  - exploit scoring
  - rwep
  - real world priority
  - how bad is this cve
  - prioritize cve
  - cve priority
  - patch priority
  - beyond cvss
data_deps:
  - atlas-ttps.json
  - cve-catalog.json
  - exploit-availability.json
  - zeroday-lessons.json
atlas_refs: []
attack_refs: []
framework_gaps:
  - CWE-Top-25-2024-meta
  - CIS-Controls-v8-Control7
last_threat_review: "2026-06-10"
---

# Real-World Exploit Priority (RWEP) Scoring

CVSS measures severity — the theoretical worst-case impact of a vulnerability. RWEP measures priority — how urgently a specific vulnerability requires action given real-world exploit availability, operational constraints, and blast radius.

A CVSS 9.8 vulnerability with no public exploit, no active exploitation, and a straightforward patch may be lower priority than a CVSS 7.8 vulnerability that is CISA KEV listed, has a public 732-byte deterministic exploit, and requires a reboot to patch.

---

## Frontmatter Scope

The `atlas_refs` and `attack_refs` arrays are intentionally empty. This skill is a scoring methodology — its input is whatever CVE the operator hands it, with whatever TTPs that CVE already carries in `data/cve-catalog.json`. Pinning a fixed TTP subset would mis-frame the score's coverage; RWEP applies to every CVE in the catalog regardless of which ATLAS or ATT&CK technique it maps to. `framework_gaps` is populated because the scoring outcome explicitly references control families (CWE-Top-25-2024-meta, CIS-Controls-v8-Control7) that the RWEP rationale ties remediation timing to.

---

## Threat Context (mid-2026)

RWEP exists because the exploit development cycle has compressed. The factors that CVSS does not model are now the dominant signal in real-world prioritization.

- **AI-accelerated exploit development is current operational reality, not emerging.** 41% of 2025 zero-days were discovered or weaponized with AI-assisted tooling (GTIG 2025). Copy Fail (CVE-2026-31431) was discovered by an AI system in approximately one hour and is the catalog's anchor case for AI discovery. Fragnesia (CVE-2026-46300, disclosed 2026-05-13) is the counter-case: human-discovered (V12 security team) per the catalog, yet it shipped with a one-line public root PoC, so AI discovery is an amplifier, not a precondition for a fast-moving score. The first documented AI-built in-the-wild zero-day landed 2026-05-11 (GTIG AI 2FA-bypass). CVSS scoring assumes a human-speed gap between disclosure and reliable exploitation; that gap is gone for AI-capable threat actors. RWEP's `ai_assisted` weight is calibrated to this reality; align downstream scoring narratives to CTID Secure AI v2 (2026-05-06, replaces v1).
- **CVSS undercounts AI-discovered + KEV-listed bugs.** CVE-2026-31431 scores CVSS 7.8 (High). Treated as a CVSS-band-7 item, it lands in a 30-day remediation queue. Treated honestly — CISA KEV listed, 732-byte deterministic public PoC, all Linux ≥ 4.14, AI-discovered — it is a 4-hour incident. CVSS misses every one of those amplifiers.
- **CVSS local-vector blindness vs. RWEP exploitation reality.** CVE-2026-30615 (Windsurf MCP) scores CVSS 8.0 with AV:L (the NVD-authoritative corrected score; the initial CVSS 9.8 was withdrawn after attack-vector analysis confirmed the local-vector reality — the attacker must control HTML content that the Windsurf MCP client processes). RWEP rates it 35, lower than Copy Fail at 90: the supply-chain prerequisite (a victim first installs a malicious MCP server) plus the local attack vector throttle real exploitation rate. This pair is the canonical example of CVSS-vector-only scoring losing to RWEP's exploitation-evidence weighting.
- **Compliance frameworks anchor SLAs on CVSS bands.** NIST 800-53 SI-2, PCI DSS 6.3.3, ISO 27001:2022 A.8.8, and most internal vuln-management policies translate CVSS High/Critical into 30-day/7-day windows. For AI-discovered KEV-listed LPEs with public PoCs, these windows are exploitation windows. RWEP is the layer that lets an org prioritize honestly without re-writing every framework control.

---

## Framework Lag Declaration

| Framework | Control | What It Assumes | Why It Fails (mid-2026) |
|---|---|---|---|
| NIST 800-53 Rev 5 | SI-2 (Flaw Remediation) | CVSS-banded patch cycles: 30 days for High, 7 days for Critical | No factor for CISA KEV listing, AI-discovered, public PoC byte-size, deterministic vs. race-condition exploits. A CVSS 7.8 AI-discovered KEV-listed LPE drops into the 30-day bin alongside CVSS 7.8 theoretical bugs. |
| NIST 800-53 Rev 5 | RA-5 (Vulnerability Monitoring and Scanning) | Scanner CVSS scores drive ticket priority | Scanners report CVSS. CVSS 7.8 Copy Fail and CVSS 7.8 obscure-config RCE generate identical ticket priorities. Operational queues cannot distinguish them without RWEP. |
| PCI DSS 4.0 | 6.3.3 | "Critical patches" (CVSS-defined) within 1 month, all others within 3 months | CVSS-anchored SLA. 1 month for a 732-byte CISA KEV public PoC is indefensible. No factor for AI-discovery or live-patch availability. |
| ISO 27001:2022 | A.8.8 (Management of technical vulnerabilities) | "Appropriate timescales" set by risk classification, typically CVSS-driven | Risk classification methodology is not specified; in practice orgs use CVSS bands. Standard offers no guidance distinguishing AI-discovered KEV-listed from theoretical High. |
| CIS Controls v8 | Control 7 (Continuous Vulnerability Management) | IG1/IG2/IG3 timelines indexed on CVSS Critical/High | Same CVSS-anchored SLA failure. No factor for KEV status as a re-prioritization trigger. |
| NIS2 Directive | Art. 21 (vulnerability handling) | "Appropriate measures" — methodology unspecified | In practice essential/important entities map this to CVSS-driven internal SLAs. Standard does not require any non-CVSS factor. |
| UK NCSC CAF | Principle B4 (System Security) — vulnerability and patch management contributing outcomes | Outcome-based: "Vulnerabilities are identified and addressed appropriately" | Outcome language permits CVSS-only prioritization. No requirement to factor KEV listing, public-PoC availability, or AI-discovery into the remediation cadence. NCSC Vulnerability Management Guidance (2024) recommends but does not require exploit-availability weighting. |
| UK Cyber Essentials Plus | Patch management criterion | Critical/High patches within 14 days | CVSS-anchored 14-day window. No factor for CISA KEV / public PoC. Tighter than NIST/PCI but still framework-lag-vulnerable for AI-accelerated 4-hour weaponization. |
| AU ASD Essential 8 | Patch Operating Systems ML1–ML3 | ML3: 48h for OS vulns "with working exploit" | Closest to adequate — at least incorporates exploit availability. Still does not model AI-discovery, KEV, blast radius, or live-patch availability. 48h window remains long for AI-accelerated weaponization. |
| AU ASD ISM | Control ISM-1493 (vulnerability management) + ISM-1144 (patching frequency) | Risk-based patching aligned to vendor severity / exploitability | "Exploitability" not operationalized as KEV / public-PoC / AI-discovery factors. Risk-based language permits CVSS-only ranking in practice. |
| FedRAMP Continuous Monitoring | Vuln scan cadence + CVSS-band remediation | Monthly scans, CVSS-banded SLAs | Cadence-based detection plus CVSS-banded remediation cannot respond inside the AI-accelerated exploit window. |

Across all of these, the framework lag is the same shape: **CVSS-as-risk-proxy.** RWEP is the operational corrective layer.

---

## TTP Mapping

This skill is meta — it does not pin to a single TTP class. RWEP is the cross-cutting prioritization layer applied **across all attack classes catalogued in `data/atlas-ttps.json` and `data/cve-catalog.json`**. Frontmatter `atlas_refs` and `attack_refs` are intentionally empty.

| Catalog | Role for RWEP |
|---|---|
| `data/cve-catalog.json` | Source of factor values: CISA KEV flag, PoC availability, AI-discovery flag, active-exploitation status, patch and live-patch availability per CVE |
| `data/atlas-ttps.json` (MITRE ATLAS v2026.05) | Provides the AI/ML TTP context where AI-discovery and AI-acceleration factors apply (e.g., AML.T0016 Obtain Capabilities, AML.T0017 Develop Capabilities, AML.T0013 Discover ML Model Ontology) |
| `data/exploit-availability.json` | Authoritative PoC + KEV + last-verified date snapshot — drives factor freshness |
| `data/zeroday-lessons.json` | Closes the loop: zero-day's lesson entry feeds back the framework gap that RWEP's score implied |

Use the TTP-specific skills (e.g., `kernel-lpe-triage`, `ai-attack-surface`, `mcp-agent-trust`) to extract the attack vector. Use this skill to translate that attack vector's catalogued factors into an action timeline.

---

## Exploit Availability Matrix

How each RWEP factor maps to a real CVE in `data/cve-catalog.json`:

| CVE | KEV | PoC | AI-Discovered | Active Exploitation | Blast Radius | Patch | Live Patch | RWEP | CVSS |
|---|---|---|---|---|---|---|---|---|---|
| CVE-2026-31431 (Copy Fail) | Yes | Yes (732-byte) | Yes | Confirmed | All Linux ≥ 4.14 (30) | Yes | Yes (kpatch/livepatch/kGraft) | 90 | 7.8 |
| CVE-2026-43284 (Dirty Frag ESP/IPsec) | No | Yes (chain) | No | Suspected | IPsec-using systems (18) | Yes | RHEL-only kpatch | 38 | 7.8 |
| CVE-2026-43500 (Dirty Frag RxRPC) | No | Yes (chain) | No | Suspected | RxRPC-loaded systems | Yes | Partial | 32 | 7.6 |
| CVE-2026-46300 (Fragnesia) | No (likely candidate) | Yes (one-liner vs /usr/bin/su) | No | None observed | Linux >= 5.10 with esp4/esp6/rxrpc loaded (25) | Yes | Yes (kpatch / canonical-livepatch / KernelCare) | 20 | 7.8 |
| CVE-2025-53773 (Copilot YOLO-mode RCE) | No | Yes (demonstrated) | Yes (AI tooling enables) | Suspected | GitHub Copilot users (10) | Yes (SaaS) | Yes (SaaS push) | 30 | 7.8 |
| CVE-2026-30615 (Windsurf MCP local-vector RCE) | No | Partial | No | Suspected (supply-chain) | 150M+ downloads, local-vector + supply-chain prereq (30) | Yes | No (client IDE update, not a pushed live patch) | 35 | 8.0 |

Key reads: Copy Fail (RWEP 90, CVSS 7.8) and Windsurf MCP (RWEP 35, CVSS 8.0) sit at opposite ends of the exploitation-evidence axis — Copy Fail is the canonical case of CVSS under-prioritization (KEV + deterministic public PoC + AI-discovered + broad blast-radius dominate); Windsurf MCP is the canonical case of CVSS-vector blindness (the AV:L local-attack vector plus the supply-chain prerequisite throttle real exploitation rate even after CVSS was corrected from 9.8 to 8.0).

---

## RWEP Formula

```
RWEP = min(100, max(0,
  (cisa_kev      × 25) +
  (poc_public    × 20) +
  (ai_assisted   × 15) +
  (active_expl   × 20) +
  (blast_radius  × 30) -
  (patch_avail   × 15) -
  (live_patch    × 10) +
  (reboot_req    × 5)
))
```

### Factor Definitions

**cisa_kev** (0 or 1): Is this CVE in the CISA Known Exploited Vulnerabilities catalog?
- Source: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
- Score contribution: +25 points if listed
- Rationale: CISA KEV listing means active exploitation has been confirmed by CISA. This is the highest-confidence signal that exploitation is occurring in the wild.

**poc_public** (0, 0.5 or 1): Is a working PoC publicly available?
- Score contribution: +20 points for a public working exploit; +10 (0.5) for a partial PoC (a crash trigger, a chain component, or a primitive without a full chain); 0 if none
- Rationale: A public PoC reduces attacker capability requirements to near-zero. Any actor with access to the PoC can execute the exploit. Lowers barrier from nation-state to script kiddie.

**ai_assisted** (0 or 1): Was this CVE discovered by an AI system, or has AI-assisted weaponization been documented?
- Score contribution: +15 points if yes
- Rationale: AI-assisted discovery (e.g., Copy Fail discovered in ~1 hour) indicates the vulnerability class is likely to be re-discovered or further exploited rapidly. AI-assisted weaponization compresses the time-to-reliable-exploit dramatically.

**active_expl** (0, 0.5 or 1): Is active exploitation confirmed (beyond CISA KEV, e.g., incident reports, threat intelligence)?
- Score contribution: +20 points if confirmed; +10 (0.5) if suspected but unconfirmed (targeting reports without a verified compromise); 0 otherwise
- Rationale: Confirmed exploitation means the threat is not theoretical. Treat as an incident-level response trigger. KEV listing is scored separately (+25), so a KEV-listed CVE with independently confirmed exploitation receives both.

**blast_radius** (0.0 to 1.0, scaled to 0–30 points): How broad is the affected population? The anchors below are reference points; values between them (25 for Fragnesia, 18 for Dirty Frag, 10 for Copilot) are interpolations and are recorded as points in the factor tables.
- 30 points: Affects all Linux systems since a specific kernel version (e.g., Copy Fail: all 4.14+)
- 20 points: Affects a major distribution's default configuration
- 14 points: Affects a specific distribution or configuration
- 6 points: Affects a narrow software version range
- 0 points: Affects only highly specific configurations

**patch_avail** (0 or 1): Is a patch available?
- Score contribution: -15 points if available
- Rationale: Patch availability dramatically reduces remediation timeline. The risk decays as patches are deployed.

**live_patch** (0 or 1): Is live kernel/application patching available (no reboot required)?
- Score contribution: -10 points if available
- Rationale: Live patching enables immediate remediation without service disruption. Systems that can live-patch have a lower operational burden for remediation.

**reboot_req** (0 or 1): Does the durable fix require a reboot, with no non-reboot mitigation (module unload, configuration change) that closes the exposure on its own?
- Score contribution: +5 points if yes. A live patch that only bridges the window does not zero this factor: Copy Fail takes both the −10 live-patch credit and the +5 reboot penalty because the permanent kernel fix still needs a reboot. Fragnesia scores 0 because the `esp4`/`esp6`/`rxrpc` module blacklist closes the exposure without one.
- Rationale: Reboot requirements extend remediation timelines for production systems. Systems stay exposed longer.

---

## Pre-Calculated RWEP Scores

### CVE-2026-31431 — Copy Fail

| Factor | Value | Points |
|---|---|---|
| CISA KEV | Yes | +25 |
| PoC Public | Yes (732-byte script) | +20 |
| AI-Assisted | Yes (discovered by AI in ~1h) | +15 |
| Active Exploitation | Confirmed | +20 |
| Blast Radius | All Linux kernel 4.14+ (all major distros, containers) | +30 |
| Patch Available | Yes | -15 |
| Live Patch Available | Yes (kpatch/livepatch/kGraft) | -10 |
| Reboot Required | Yes (always — live patch is temporary) | +5 |
| **RWEP** | | **90** |

**Interpretation:** RWEP 90 — the highest score in the current catalog. Formula: 25(KEV)+20(PoC)+15(AI-discovered)+20(confirmed)+30(blast)−15(patch)−10(live-patch)+5(reboot) = 90. The blast radius of 30 reflects all Linux >= 4.14 including containers and all major distributions since 2017.

**vs. CVSS:** CVSS 7.8 High. In traditional frameworks, this scores as a "30-day remediation" item. RWEP 90 means: patch or live-patch within 4 hours of availability, or document compensating controls. RWEP is 12 points higher than CVSS × 10 (78) — the AI-discovery factor, confirmed exploitation, and massive blast radius are what CVSS misses.

---

### CVE-2026-43284 — Dirty Frag (ESP/IPsec)

| Factor | Value | Points |
|---|---|---|
| CISA KEV | No | 0 |
| PoC Public | Yes (chain component) | +20 |
| AI-Assisted | No | 0 |
| Active Exploitation | Suspected | +10 (partial) |
| Blast Radius | IPsec-using systems, kernel 5.x | +18 |
| Patch Available | Yes | -15 |
| Live Patch Available | No (kpatch RHEL-only — not broadly available) | 0 |
| Reboot Required | Yes | +5 |
| **RWEP** | | **38** |

**Interpretation:** No CISA KEV, suspected (not confirmed) exploitation, and no broad live-patch availability. RWEP 38 vs. CVSS-equivalent 78 — RWEP shows this is less urgent than CVSS suggests absent confirmed exploitation at scale. Critical contextual risk: any host using IPsec for compliance controls (SC-8/SC-28) cannot claim those controls as compensating controls while this CVE is unpatched — the exploit runs through the IPsec implementation.

---

### CVE-2026-46300 — Fragnesia

| Factor | Value | Points |
|---|---|---|
| CISA KEV | No (likely candidate within days of disclosure) | 0 |
| PoC Public | Yes (one-line root shell vs /usr/bin/su) | +20 |
| AI-Assisted | No (human-discovered by V12 security team) | 0 |
| Active Exploitation | None observed | 0 |
| Blast Radius | Linux >= 5.10 with esp4/esp6/rxrpc loaded | +25 |
| Patch Available | Yes (testing on AlmaLinux / CloudLinux; upstream on netdev) | -15 |
| Live Patch Available | Yes (kpatch / canonical-livepatch / KernelCare) | -10 |
| Reboot Required | No (module-unload mitigation is non-reboot) | 0 |
| **RWEP** | | **20** |

**Interpretation:** RWEP 20 today places Fragnesia in the standard-30-day patch band. Two factors will move this fast: (a) a CISA KEV listing adds +25 (RWEP 45 → 7-day band), and (b) confirmed active exploitation adds another +20 (RWEP 65 → 72-hour band). Operators tracking RWEP should pre-stage the response now while the score is low so the KEV-listing event triggers an already-rehearsed playbook rather than a from-scratch decision. Critical operational insight: Fragnesia is the sibling bug introduced by the Dirty Frag patch, and the module-unload mitigation set (`blacklist esp4 / esp6 / rxrpc`) is identical to Dirty Frag's — operators already mitigated for CVE-2026-43284 / CVE-2026-43500 are already mitigated for Fragnesia at zero additional operational cost. RWEP 20 vs. RWEP 90 for Copy Fail is the canonical "same CVSS band, different urgency" pair for 2026.

---

### CVE-2025-53773 — GitHub Copilot YOLO-Mode RCE

| Factor | Value | Points |
|---|---|---|
| CISA KEV | No | 0 |
| PoC Public | Yes (demonstrated) | +20 |
| AI-Assisted | Yes (AI tooling enables) | +15 |
| Active Exploitation | Suspected | +10 |
| Blast Radius | GitHub Copilot users — large developer population, but local-vector via IDE interaction | +10 |
| Patch Available | Yes (GitHub patched) | -15 |
| Live Patch Available | Yes (SaaS patch) | -10 |
| Reboot Required | No (SaaS update) | 0 |
| **RWEP** | | **30** |

**Interpretation:** CVSS 7.8 (AV:L) vs. RWEP 30 — the local-vector reality is baked into both scores; RWEP additionally throttles for "suspected, not confirmed" exploitation and for the SaaS live-patch path. The lack of framework coverage for prompt injection as an attack class (no control in any of the compliance frameworks in the Framework Lag table) makes this a critical monitoring gap regardless of the RWEP score.

---

### CVE-2026-30615 — Windsurf MCP Local-Vector RCE

| Factor | Value | Points |
|---|---|---|
| CISA KEV | No | 0 |
| PoC Public | Partial | +10 |
| AI-Assisted | No | 0 |
| Active Exploitation | Suspected (supply chain targeting) | +10 |
| Blast Radius | 150M+ MCP-capable assistant downloads, the largest population in the catalog; the local-vector and supply-chain prerequisites are scored in the PoC and exploitation rows, not here | +30 |
| Patch Available | Yes | -15 |
| Live Patch Available | No (the fix ships as an IDE client update each user must install; not a pushed live patch) | 0 |
| Reboot Required | No | 0 |
| **RWEP** | | **35** |

**vs. CVSS:** CVSS 8.0 (AV:L, NVD-corrected from initial 9.8) vs. RWEP 35 — this pair demonstrates CVSS local-vector blindness against RWEP exploitation-reality weighting. CVSS 8.0 is still high because the worst-case is RCE in user context, but the AV:L correction already reflects that the attacker must control HTML content the MCP client processes. RWEP additionally throttles for no CISA KEV, suspected-only exploitation, and the supply-chain prerequisite (a malicious MCP server must first be installed). Key insight: RWEP correctly signals elevated priority, not emergency — unlike Copy Fail (RWEP 90) where signal dominates regardless of CVSS band.

---

## RWEP vs. CVSS Delta Analysis

When CVSS and RWEP diverge significantly, it surfaces important context:

**CVSS high, RWEP low** — Severe vulnerability but low immediate priority:
- No PoC, no active exploitation, no CISA KEV
- Patch available with no reboot required
- Narrow blast radius (specific configuration)
- Example: An obscure CVSS 9.1 RCE in an enterprise appliance with no public PoC, patched by vendor, affecting 100 customers worldwide

**CVSS moderate, RWEP high** — The dangerous case — framework compliance prioritizes wrong things:
- CVSS 7.8 → "30-day remediation"
- RWEP 90 → "patch or live-patch within 4 hours"
- Example: Copy Fail — CVSS doesn't capture AI-discovered + deterministic + CISA KEV + all Linux
- Framework compliance that uses CVSS thresholds for SLA will deprioritize Copy Fail relative to a CVSS 9.8 with no public exploit

**Moderate CVSS, low RWEP** — CVSS-vector still overstates urgency once exploitation evidence is weighted:
- Copilot YOLO-mode RCE (CVSS 7.8 / RWEP 30): local-vector, no KEV, suspected exploitation — important monitoring gap but not emergency
- Windsurf MCP (CVSS 8.0 / RWEP 35): local-vector, no KEV, supply-chain prerequisite limits actual exploitation rate
- RWEP correctly prioritizes Copy Fail (RWEP 90, CVSS 7.8) over Windsurf MCP (RWEP 35, CVSS 8.0) despite the two CVEs sitting in adjacent CVSS bands
- Framework compliance that uses CVSS alone may treat Windsurf MCP and Copy Fail as similar-urgency — incorrect

---

## Analysis Procedure

### Step 1: Gather CVE data

For a CVE not in the pre-calculated catalog, collect:
- NVD CVSS score and vector
- CISA KEV status (direct lookup)
- PoC availability (public security databases, researcher announcements)
- AI-discovery or AI-assisted weaponization (researcher disclosure statements)
- Active exploitation (CISA KEV, threat intelligence, incident reports)
- Affected version range (blast radius assessment)
- Patch availability and reboot requirement
- Live patch support (kpatch, livepatch, kGraft, vendor live update)

### Step 2: Apply RWEP formula

Calculate factor values (0/1 for binary factors, 0.5 for suspected exploitation or a partial PoC, and 0.0–1.0 scaled to 0–30 points for blast radius) and apply the formula.

### Step 3: Generate remediation timeline

Map RWEP score to required action timeline:

| RWEP | Action | Timeline |
|---|---|---|
| 90–100 | Immediate — deploy live patch or isolate | Within 4 hours |
| 75–89 | Urgent — patch or compensating controls | Within 24 hours |
| 60–74 | High — patch within standard emergency window | Within 72 hours |
| 40–59 | Elevated — accelerated patching | Within 7 days |
| 20–39 | Standard — normal patch cycle | Within 30 days |
| 0–19 | Low — routine vulnerability management | Next scheduled maintenance |

### Step 4: Framework compliance translation

Translate RWEP-based timeline to framework compliance language:
- "This CVE has RWEP 90. Per NIST 800-53 SI-2, the organizational SLA is 30 days for High. This SLA is insufficient for a CISA KEV vulnerability with public PoC and confirmed active exploitation. The RWEP-based remediation requirement (4 hours) represents a material gap between SI-2 compliance and actual security posture."
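A calculator for Steps 1–4, covering the formula and factor definitions above. This is an added worked example, not the skill's own tooling and not a reader of `data/cve-catalog.json`; the factor values are transcribed from the page's pre-calculated tables, "suspected" exploitation and a "partial" PoC are encoded as 0.5 (the +10 half weight the output template uses), blast radius is supplied as its 0–30 points, and the CVSS-banded policy SLA table is an assumed NIST SI-2-style policy (Critical 7 days, High 30 days, Medium 90 days), not any specific organization's.

```python
"""RWEP calculator: added worked example, not the skill's own tooling.

Implements the RWEP formula, the factor encodings, the Step 3 timeline bands
and the Step 4 framework-SLA translation from this page. Binary factors are
0 or 1; 'suspected' exploitation and a 'partial' PoC are 0.5; blast_radius is
the already-scaled 0-30 points. POLICY_SLA is an assumed CVSS-banded policy.
"""
from dataclasses import dataclass, replace

WEIGHTS = {"cisa_kev": 25, "poc_public": 20, "ai_assisted": 15, "active_expl": 20,
           "blast_radius": 1, "patch_avail": -15, "live_patch": -10, "reboot_req": 5}

# Step 3: band floor -> (label, required timeline, hours); None = routine.
BANDS = [(90, "Immediate", "4h", 4), (75, "Urgent", "24h", 24), (60, "High", "72h", 72),
         (40, "Elevated", "7d", 168), (20, "Standard", "30d", 720), (0, "Low", "routine", None)]

# Assumed CVSS-banded policy SLA (hours): Critical 7d, High 30d, Medium 90d.
POLICY_SLA = [(9.0, "Critical", 168), (7.0, "High", 720), (4.0, "Medium", 2160),
              (0.1, "Low", None), (0.0, "None", None)]


@dataclass(frozen=True)
class Factors:
    cisa_kev: float = 0
    poc_public: float = 0      # 1 public, 0.5 partial, 0 none
    ai_assisted: float = 0
    active_expl: float = 0     # 1 confirmed, 0.5 suspected, 0 none
    blast_radius: int = 0      # 0-30 points (fraction of population x 30)
    patch_avail: float = 0
    live_patch: float = 0
    reboot_req: float = 0


def rwep(f: Factors) -> int:
    """RWEP = min(100, max(0, weighted sum of factors))."""
    total = sum(w * getattr(f, k) for k, w in WEIGHTS.items())
    return int(round(min(100, max(0, total))))


def rwep_band(score: int):
    return next(b for b in BANDS if score >= b[0])


def cvss_band(cvss: float):
    return next(b for b in POLICY_SLA if cvss >= b[0])


def assess(cve: str, cvss: float, f: Factors) -> dict:
    """Exploit Priority Assessment fields: score, delta vs CVSS x 10, bands, SLA gap."""
    score = rwep(f)
    _, label, timeline, rwep_hours = rwep_band(score)
    _, cband, policy_hours = cvss_band(cvss)
    # Step 4: a gap exists when the CVSS-banded policy SLA is looser than RWEP requires.
    gap_hours = None
    if rwep_hours is not None and policy_hours is not None and policy_hours > rwep_hours:
        gap_hours = policy_hours - rwep_hours
    return {"cve": cve, "cvss": cvss, "cvss_band": cband, "rwep": score,
            "delta": round(score - cvss * 10), "rwep_band": label,
            "timeline": timeline, "policy_sla_hours": policy_hours,
            "sla_gap_hours": gap_hours}


def project(f: Factors, **updates) -> int:
    """What-if: RWEP after factor changes (e.g. a KEV listing landing)."""
    return rwep(replace(f, **updates))


def prioritize(catalog: dict) -> list:
    """Action queue ordered by RWEP, not CVSS."""
    return sorted((assess(c, cvss, f) for c, (cvss, f) in catalog.items()),
                  key=lambda a: a["rwep"], reverse=True)


# Transcribed from the page's pre-calculated tables.
CATALOG = {
    "CVE-2026-31431": (7.8, Factors(1, 1, 1, 1, 30, 1, 1, 1)),    # Copy Fail
    "CVE-2026-43284": (7.8, Factors(0, 1, 0, 0.5, 18, 1, 0, 1)),  # Dirty Frag ESP/IPsec
    "CVE-2026-46300": (7.8, Factors(0, 1, 0, 0, 25, 1, 1, 0)),    # Fragnesia
    "CVE-2025-53773": (7.8, Factors(0, 1, 1, 0.5, 10, 1, 1, 0)),  # Copilot YOLO-mode
}

if __name__ == "__main__":
    for a in prioritize(CATALOG):
        print(f"{a['cve']}: CVSS {a['cvss']} ({a['cvss_band']}) RWEP {a['rwep']} "
              f"-> {a['timeline']}; policy SLA gap {a['sla_gap_hours']}h")
    fragnesia = CATALOG["CVE-2026-46300"][1]
    print("Fragnesia if KEV-listed:", project(fragnesia, cisa_kev=1))
    print("... and exploitation confirmed:", project(fragnesia, cisa_kev=1, active_expl=1))
```

Run stand-alone it prints the queue ordered by RWEP (Copy Fail 90 first, Fragnesia 20 last, all four at CVSS 7.8) with the policy gap for Copy Fail (716 hours between a 30-day High SLA and the 4-hour requirement), then the Fragnesia what-if: a KEV listing moves it to 45 (7-day band) and confirmed exploitation to 65 (72-hour band), the pre-staging trigger the Fragnesia interpretation describes. `project` is the piece to wire to a KEV feed so the band change fires an existing playbook rather than a fresh triage.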

---

## Output Format

The skill produces a per-CVE Exploit Priority Assessment showing the RWEP score, the factor breakdown (CVSS, KEV, PoC, AI-acceleration, blast radius, live-patch availability), the required-action timeline, and any framework-SLA conflict. The shape below is consumed downstream by `kernel-lpe-triage` (for kernel-class CVEs), by `compliance-theater` (which compares the RWEP-required timeline against the org's CVSS-banded SLA), and by `incident-response-playbook` (which scopes IR per the required-action band). Preserve the RWEP factor rows verbatim — they are the auditable derivation.

```
## Exploit Priority Assessment

**CVE:** [ID]
**Assessment Date:** YYYY-MM-DD

### CVSS vs. RWEP
| Metric | Score | Priority Band |
|--------|-------|---------------|
| CVSS | [score] | [None/Low/Medium/High/Critical] |
| RWEP | [score] | [see table above] |
| Delta | [RWEP - CVSS×10] | [Explain if significant] |

### RWEP Factor Breakdown
| Factor | Value | Points |
|--------|-------|--------|
| CISA KEV | Yes/No | +25/0 |
| PoC Public | Yes/No | +20/0 |
| AI-Assisted | Yes/No | +15/0 |
| Active Exploitation | Confirmed/Suspected/No | +20/+10/0 |
| Blast Radius | [description] | [0-30] |
| Patch Available | Yes/No | -15/0 |
| Live Patch Available | Yes/No | -10/0 |
| Reboot Required | Yes/No | +5/0 |
| **RWEP Total** | | **[score]** |

### Required Action
**Timeline:** [4h / 24h / 72h / 7d / 30d / routine]
**Action:** [Live patch / Full patch + reboot / Compensating controls + timeline / Routine]

### Framework Compliance Note
[If RWEP timeline conflicts with framework SLA: explicit statement of the gap]
```

---

## Compliance Theater Check

Run this check against any organization claiming vulnerability-management compliance:

> "Pull your vulnerability-management policy. Find the remediation SLA table. Is the SLA anchored on CVSS bands — `Critical: within X days, High: within Y days, Medium: within Z days`? If yes, the policy is theater for the dominant 2026 threat class: AI-discovered, CISA KEV listed LPEs with public PoC scored CVSS 7.8 (High). Under a CVSS-banded SLA, CVE-2026-31431 (Copy Fail) gets the same 30-day clock as a CVSS 7.8 theoretical bug. The actual operational requirement — 4 hours to live-patch or isolate — is invisible to the policy. Re-anchor remediation SLAs on RWEP, not CVSS bands, or demonstrate that CVSS-banded SLAs are augmented by an explicit CISA-KEV-response override with a sub-24h timeline."

> "Open your last quarterly vuln-management metrics report. Does it report `mean time to remediate by CVSS band`? If that is the headline metric, the program optimizes for CVSS-band SLAs, not for actual exploit-priority response. The KPI itself is theater. The honest metric is: for CVEs that crossed RWEP ≥ 75 during the quarter, what was the mean time from RWEP-75 threshold crossing to deployed mitigation? If the org doesn't track RWEP at all, the program has no instrumentation to detect when CVSS-banded SLAs fail — which they do for every CISA KEV + AI-discovered class in `data/cve-catalog.json`."

> "Ask: when CVE-2026-31431 was published, what was the actual time from publication to deployed mitigation across the estate? Compare it to the policy's 30-day High SLA. The org likely met SLA. RWEP 90 required action in 4 hours. CISA KEV listed the CVE on 2026-05-01 with federal due date 2026-05-15. As of the last threat review (2026-06-10, 26 days past the federal due date) any unpatched estate is past the federal due date and demonstrably exposed to a 732-byte deterministic public PoC on CISA KEV. The gap between 'met internal SLA' and 'past federal due date with active exploitation in scope' is the size of the theater."
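The honest KPI from the second check, worked through. This is an added example, not the skill's tooling: it replays a constructed factor-change log, recomputes RWEP after every change, and reports both the theater metric (mean time to remediate by CVSS band) and the time from the first RWEP ≥ 75 crossing to deployed mitigation. Every timestamp except the 2026-05-01 KEV listing date quoted above is constructed for illustration; the formula and factor encodings are the page's own.

```python
"""Threshold-crossing KPI for the Compliance Theater Check (added example).

Replays a constructed factor-change log per CVE, recomputes RWEP after each
change, and contrasts the 'theater' KPI (mean hours from publication to
mitigation by CVSS band) with the honest KPI (hours from the first RWEP >= 75
crossing to mitigation). Timestamps are constructed except the KEV listing
date (2026-05-01) quoted on the page.
"""
from collections import defaultdict
from datetime import datetime

WEIGHTS = {"cisa_kev": 25, "poc_public": 20, "ai_assisted": 15, "active_expl": 20,
           "blast_radius": 1, "patch_avail": -15, "live_patch": -10, "reboot_req": 5}


def rwep(factors: dict) -> int:
    """RWEP formula from this page; blast_radius is supplied as 0-30 points."""
    total = sum(w * factors.get(k, 0) for k, w in WEIGHTS.items())
    return int(round(min(100, max(0, total))))


def cvss_band(score: float) -> str:
    return ("Critical" if score >= 9.0 else "High" if score >= 7.0
            else "Medium" if score >= 4.0 else "Low")


# Constructed event log: "set" applies factor updates, "mitigated" marks deployment.
EVENTS = [
    {"cve": "CVE-2026-31431", "ts": "2026-04-30T09:00", "cvss": 7.8,
     "set": {"ai_assisted": 1, "blast_radius": 30, "patch_avail": 1,
             "live_patch": 1, "reboot_req": 1}},
    {"cve": "CVE-2026-31431", "ts": "2026-04-30T14:00", "set": {"poc_public": 1}},
    {"cve": "CVE-2026-31431", "ts": "2026-05-01T16:00",           # KEV listing day
     "set": {"cisa_kev": 1, "active_expl": 1}},
    {"cve": "CVE-2026-31431", "ts": "2026-05-04T10:00", "mitigated": True},
    {"cve": "CVE-2026-46300", "ts": "2026-05-13T09:00", "cvss": 7.8,
     "set": {"poc_public": 1, "blast_radius": 25, "patch_avail": 1, "live_patch": 1}},
    {"cve": "CVE-2026-46300", "ts": "2026-05-27T10:00", "mitigated": True},
]


def replay(events: list) -> dict:
    """Per CVE: cvss, publication ts, (ts, rwep) after each change, mitigation ts."""
    state = defaultdict(lambda: {"factors": {}, "history": [], "mitigated": None,
                                 "cvss": None, "published": None})
    for ev in sorted(events, key=lambda e: e["ts"]):   # ISO strings sort chronologically
        rec = state[ev["cve"]]
        ts = datetime.fromisoformat(ev["ts"])
        if "cvss" in ev:
            rec["cvss"], rec["published"] = ev["cvss"], ts
        if "set" in ev:
            rec["factors"].update(ev["set"])
            rec["history"].append((ts, rwep(rec["factors"])))
        if ev.get("mitigated"):
            rec["mitigated"] = ts
    return dict(state)


def first_crossing(history: list, threshold: int = 75):
    """Timestamp at which RWEP first reached the threshold, or None."""
    for ts, score in history:
        if score >= threshold:
            return ts
    return None


def hours_from_crossing(rec: dict, threshold: int = 75):
    """Honest KPI: hours from RWEP>=threshold to mitigation; None if never crossed."""
    t0 = first_crossing(rec["history"], threshold)
    if t0 is None or rec["mitigated"] is None:
        return None
    return (rec["mitigated"] - t0).total_seconds() / 3600


def mttr_by_cvss_band(state: dict) -> dict:
    """Theater KPI: mean hours from publication to mitigation, grouped by CVSS band."""
    buckets = defaultdict(list)
    for rec in state.values():
        if rec["mitigated"]:
            hours = (rec["mitigated"] - rec["published"]).total_seconds() / 3600
            buckets[cvss_band(rec["cvss"])].append(hours)
    return {band: sum(v) / len(v) for band, v in buckets.items()}


def report(events: list, threshold: int = 75) -> dict:
    state = replay(events)
    return {"theater_mttr_hours": mttr_by_cvss_band(state),
            "hours_from_rwep_crossing": {cve: hours_from_crossing(rec, threshold)
                                         for cve, rec in state.items()}}

if __name__ == "__main__":
    print(report(EVENTS))
```

On the constructed log both CVEs sit in the CVSS High band and the theater KPI reports a mean of about nine days, comfortably inside a 30-day SLA. The honest KPI shows Copy Fail crossed RWEP 75 at the KEV listing and took 66 hours to mitigate against a 4-hour requirement, while Fragnesia never crossed the threshold and so does not belong in that denominator at all.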

---

## Defensive Countermeasure Mapping

RWEP scores priority; this section maps the priority bands to the D3FEND defensive techniques an operator deploys before, during, and after a patch lands. The mapping is per RWEP band (the Step 3 timeline bands) rather than per CVE; the same techniques compose differently depending on whether the score is driven by KEV listing, public PoC, AI-acceleration, or live-patch availability. Operators consuming an RWEP score should pair it with the row below to convert "act in 4 hours" into "deploy these specific D3FEND techniques in the following order."

| RWEP band | Threat shape | D3FEND ID | Defensive technique | Defense-in-depth layer |
|---|---|---|---|---|
| 90+ (KEV + public PoC + AI-discovered, e.g. Copy Fail) | T1068 deterministic LPE | `D3-KBPI` | Kernel-Based Process Isolation | Kernel — compensating control deployed within the 4-hour live-patch window |
| 90+ | T1068 | `D3-SCA` | System Call Analysis | Endpoint — detection for the LPE primitive ahead of live-patch propagation |
| 75–89 (KEV + PoC, not AI-accelerated) | T1190 / T1068 reachable | `D3-NI` | Network Isolation | Network — segmentation that closes the reachability precondition |
| 75–89 | T1190 / T1068 | `D3-PA` | Process Analysis | Endpoint — behavioral detection of the exploit primitive in the unpatched window |
| 60–74 (PoC public, KEV pending) | Exploit-likely class | `D3-EFA` | Emulated File Analysis | Endpoint — pre-execution scanning for known PoC binaries and artifacts |
| 60–74 | Exploit-likely class | `D3-FCR` | File Content Rules | Endpoint — content-based detection of exploit payloads in transit |
| 20–59 (vendor patch available, no PoC) | Patchable, not yet weaponized | `D3-EAL` | Executable Allowlisting | Managed endpoint — reduce exposure surface during the routine-patch window |
| 20–59 | Patchable | `D3-EI` | Execution Isolation | Endpoint / container — sandbox the vulnerable component until patch deploys |
| AI-accelerated multiplier (any band with AML.T0016 / AML.T0017 capability acquisition or development) | PROMPTFLUX-class evasion | `D3-NTA` | Network Traffic Analysis | Network egress — detect AI-API queries from unexpected processes |
| AI-accelerated multiplier | AML.T0051 prompt-injection-driven exploitation chain | `D3-IOPR` + `D3-CSPP` | Input/Output Profiling + Client-server Payload Profiling | SDK / gateway — content-aware inspection of prompt+completion at the model boundary |

**Defense-in-depth posture:** the RWEP band sets the timeline; D3FEND sets the technique set. A 4-hour timeline (RWEP 90+) without a deployed `D3-KBPI` or `D3-SCA` capability is an operational gap, not merely a paperwork one: the timeline cannot be met because nothing holds the window between disclosure and live-patch propagation. Operators reporting "RWEP 90 patched within 4 hours" must also report which D3FEND technique provided coverage during the pre-patch window; an unpatched 4-hour exposure window with no compensating defensive technique is the same outcome as a 30-day SLA breach.

**Least-privilege scope:** D3FEND technique deployment is scoped to the asset class within the CVE's blast radius. `D3-KBPI` is per-host (production kernel ≠ developer kernel ≠ CI runner). `D3-NI` is per-segment. `D3-EAL` is per-host-class. Allowlists and isolation rules are derived from the CVE's affected component, not applied estate-wide.

**Zero-trust posture:** an RWEP score is not a remediation; it is a triage signal. The remediation closes only when the cited D3FEND technique is verified in production for the affected asset class. RWEP 90 with no deployed `D3-KBPI` instrumentation is an unmitigated finding regardless of patch SLA. Auditors converting RWEP findings into corrective actions must verify both the patch deployment and the compensating-technique deployment.

**AI-pipeline applicability:** for AI-pipeline CVEs (model-serving runtime, MCP server, inference gateway), `D3-KBPI` and `D3-EAL` do not apply to serverless inference endpoints. The scoped alternative is `D3-CSPP` at the gateway plus signed-image attestation at the provider. RWEP bands are unchanged; the technique selection shifts to the gateway tier. `D3-FAPA` over training-data corpora is the additional technique for any AML.T0020 (Poison Training Data) finding above RWEP 50.
