Mid-market security teams face a critical blind spot, and Chris Wallis has witnessed it firsthand. “A lot of organizations are still counting vulnerabilities,” the Intruder founder and CEO told Dark Reading’s Terry Sweeney. “The important thing is how quickly you’re fixing them.” With CVE counts surging from 30,000 to 50,000 annually — and AI-assisted discovery likely to push that higher — the gap between identifying and addressing vulnerabilities is becoming a major business risk.
Wallis, drawing on his penetration testing career, explains why CVE-only strategies leave organizations exposed. During engagements, he often found fully patched environments still compromised due to misconfigured databases, exposed management interfaces, and overlooked attack surface elements that traditional scanners missed. This insight led him to build Intruder, focusing on attack surface management to help stretched security teams address real-world exposures beyond CVEs. The urgency is growing. Mean time to exploit has dropped from months to hours, and Wallis warns it could soon shrink to minutes or seconds. Organizations struggling to patch within 30 days face a dire future without rethinking their approach. On AI, Wallis sees potential for scalability and time savings but notes full reliability is still one to two years away.
Wallis, founder and CEO of Intruder, leverages his experience as a penetration tester and ethical hacker to make enterprise-grade vulnerability management accessible to mid-market organizations, focusing on attack surface management and cyber hygiene.
