→[DigitalToday reporter Chi-gyu Hwang (황치규)] Cybersecurity firm Rapid7 said a new report analysing the 2026 security landscape shows the era of predictive security, which detects signals or signs that an attack will occur and responds accordingly, is over.

Rapid7 said in the report that vulnerabilities are exploited in real-world attacks immediately after they are disclosed, and that the predictive window has collapsed. It said attackers weaponise vulnerabilities within days of disclosure, leaving no time for vendors to issue patches and for defenders to install them.

According to SecurityWeek, Chrisitian Bikke (크리스티안 비크), a vice president in Rapid7's cyber intelligence division, said attackers' capabilities or intent have not suddenly changed. He said what has changed is the speed at which vulnerabilities are weaponised and exploited.

It said internet access brokers (IABs), intermediaries that buy and sell intrusion paths, were cited as a major factor driving the change. It added that infostealers, information-stealing malware, have emerged as a key tool to boost IAB efficiency.

Ransomware damage has also grown. Ransomware-related leak posts rose 46.4 percent to 8,835 in 2025 from 6,034 in 2024. Attack methods have also changed. Bikke said criminals are stealing data and then trying to sell it on various forums or public sites without installing ransomware.

Rapid7 proposed "preemptive security" as an alternative. It removes the conditions for a successful attack in advance rather than waiting for signals of an attack. The company said basic measures such as applying multi-factor authentication, rotating credentials, managing OAuth tokens, encryption and automated audits of additions of software-as-a-service apps are a starting point for preemptive security.

Rapid7 said a fundamental shift in thinking toward preemptive security is needed to effectively manage cyber risk in 2026. It said organisations should move beyond reactive, alert-volume-based vulnerability management and shift to an exposure management model focused on intelligence-based prioritisation and preemptive response.