KEY TRENDS
of all CNAPP-detected alerts remain OPEN so far in 2026.
22% increase in Vulnerability Management MTTR YoY, from 230 to 282 days.
of all alerts come from the same 8 misconfigurations seen last year.
- 150 days
was the average exposure window for Critical alerts before remediation ships.
- 6.3%
of open alerts touch a Crown Jewel asset.
- 13%*
of all alerts were classified as critical in 2026, up from 1.4% in 2025.
INTRODUCTION
The last mile is still the hardest to solve at scale
2025 marked the release of the first State of Cloud Remediation report. The thesis was simple. Cloud security had a last-mile problem. Detection tools were finding more than teams could fix, backlogs were growing, and the gap between “identified” and “resolved” was measured in months.
That report drew on 4.76 million CNAPP alerts. This year’s dataset is three times larger, with 14.86 million cumulative detections across hundreds of enterprise environments, ten CNAPPs, and every major cloud provider.
The core problem hasn’t changed. Detection continues to scale, remediation continues to lag behind it, and more than half of all detections in the dataset are still open as of May 2026. The open share for the current year alone (53%) is up from 41% in 2025, even as closure rates improved across most categories. We’re seeing more alerts created than remediated, and the gap is widening, not narrowing.
The reasons are compounding fast:
- Critical-tagged alerts are surging, but team sizes haven’t grown to match
- Applications are becoming more agentic, expanding the blast radius
- Developers are writing more code with AI, and more code means more vulnerabilities.
After analyzing almost 15 million detections, we can now separate what’s improving from what’s getting worse. The trends we flagged last year are still relevant and several have accelerated.
EXECUTIVE SUMMARY
Detection without resolution isn’t sufficient cloud security.
The 2026 dataset tells a consistent story across every CNAPP, cloud provider, and customer cohort.
Detection has done its job, alerts are surfaced, classified, and waiting, but the operational layer responsible for closing them hasn’t kept up with the staggering volume it’s being asked to absorb. The numbers below represent what that gap looks like when you measure it across 14.86 million detections.
That’s because detection and incident response aren’t the same as proactive risk reduction.
With detection powered by frontier AI models and attackers using dedicated AI agents, remediation has to become faster while supporting safer workflows that reduce risk without disrupting production.
According to Gartner®
Key Highlights
-
Detection is surfacing more cloud exposures than teams can remediate:
53% of detections remain open. The unresolved pile is larger than the resolved one, as scanners continue to flag risk without addressing the root cause. Scaling remediation is still a major challenge. -
Critical alerts remain open on average:
Critical alerts remain open on average 150 days from open to close. Technical change is rarely the bottleneck. Cross-team coordination is. In many environments, failed patches have created a lasting fear of pushing changes to production systems nobody fully understands. That fear adds weeks to every remediation cycle. -
Vulnerability Management remained the slowest-closing category:
Vulnerability Management slowed by 22%, from 230 to 282 days to close. High volumes, vendor patch dependencies, and production risk made safe remediation harder to execute. -
6.3% of alerts touch a Crown Jewel asset:
Detection alone cannot tell you which alerts actually matter to the business. Remediation prioritized by asset criticality allows you to focus on addressing the most risk per remediation.
“The next phase of cloud security isn’t a faster human pipeline or a single autonomous agent. It’s an orchestration layer that coordinates specialized skills across categories, each with its own ownership model, dependencies, and blast radius. Detection feeds it. Remediation is what it delivers.”
Marina Segal,
CEO and Co-founder
Tamnoon
TAKEAWAY 1
True security requires closing the loop at the speed of detection
At the end of May 2026, 53% of CNAPP detections remain open across 800 accounts observed in this study. Of those, 6.3% were connected to a Crown Jewel asset.
Detection produces more alerts than the average organization can absorb, and the open share has held at 40–50% in previous years, despite closure rates improving. That open share shows how much risk remains when detection is treated as the finish line.
The open alert backlog has outgrown the closed one every year. While closure rates throughput has improved, teams still struggle with how to safely remediate at scale without breaking production workloads. The system is working hard, but without an operational layer dedicated to closing the issues CNAPPs find, it cannot win.
It’s also clear composition matters more than volume. The easy alerts get closed first, what remains is far more difficult to address. That’s why the open share stays near 53% even as closure rates rise — the closure stream fills with harder work as the easy work clears. Detection-first investment has produced volumes the operational layer cannot absorb on its own. The gap is structural, and it is exactly the gap Tamnoon was built to close.
“The challenge isn’t finding vulnerabilities — it’s proving which ones actually matter. As AI accelerates development, vulnerability volume will continue to outpace our remediation capacity. Runtime context is what turns endless queues into actionable priorities by showing what is actually exposed, reachable, and exploitable.”
Jake Martenes,
Field CISO
Upwind
TAKEAWAY 2
The critical backlog is growing and the fixes are getting harder
Across every CNAPP and customer cohort in the dataset, the alerts the scanner flags as most consequential take the longest to close. The limiting factor is never the configuration change, but is almost always coordinating that change safely across owners, vendors, compliance, and change windows. Severity classifications aren’t standardized across CNAPPs (see Methodology). The operational pattern — the consequential work that needs an orchestration system — appears in every vendor and every cohort.Across every CNAPP and customer cohort in the dataset, the alerts the scanner flags as most consequential take the longest to close. The limiting factor is never the configuration change, but is almost always coordinating that change safely across owners, vendors, compliance, and change windows. Severity classifications aren’t standardized across CNAPPs (see Methodology). The operational pattern — the consequential work that needs an orchestration system — appears in every vendor and every cohort.
The most consequential detections span more owners, touch production systems, regulated data, and vendor patch cycles. None of that compresses with faster scanning. The scanner finds the work, but it does not own the work.
What’s working in cloud security
Programs that have measurably reduced critical-tier MTTR named a single owner per category, defined cross-functional handoffs in advance, and built the unglamorous infrastructure (runbook automation, change-window scheduling, vendor escalation paths) that turns coordination from ad-hoc to predictable.
“The industry keeps rewarding better detection while underinvesting in remediation. Organizations aren’t compromised because they failed to detect risk. They’re compromised because exposures remain unresolved.”
Michael St.Onge,
Enterprise Security Architect
Okta
TAKEAWAY 3
The long tail is coordination work, which is where active remediation wins
Looking at MTTR, three categories cluster well above the rest
1. Vulnerability Management 282d.
2. Privacy Regulations 242d.
3. Password Management 242d.
Each one requires coordination across systems, teams, and ownership paths that no CNAPP controls or orchestrates.
Privacy Regulations and Password Management need legal review and identity ownership before any technical fix ships. Vulnerability Management depends on vendor patch windows and change approvals that internal teams don’t control. These aren’t scanner problems. They’re remediation orchestration problems.
And these categories are about to get heavier. Vulnerability management is already the slowest and highest-volume category in the dataset. With AI-generated code accelerating what gets deployed, and detection tools getting better at finding what those systems produce, the remediation queue for this category will grow faster than the capacity to clear it.
“Risk remediation is a scale problem that simply can’t be solved by humans alone…Human-in-the-loop will remain the norm until trust can be built up over time.”
Dec 2025
TAKEAWAY 4
Closure times improved across the board, except Vulnerability Management
Across recurring categories in both 2025 and 2026 with closure logic unchanged, three of four major categories closed faster year-over-year throughout the industry. The exception is the one category tied to external vendor dependencies: Vulnerability Management.
The one category that went the other way is the clearest argument for the thesis.
Vulnerability Management closure depends on vendor patch availability, regression-testing cycles, approved release windows, and supply-chain coordination — all things internal teams don’t control.
Configuration detections can be remediated in a sprint, but Vulnerabilities wait on external delivery. Faster scanning and pipelines won’t help. The only lever is sustained orchestration across vendor and internal release cycles. Vulnerability Management is also the largest recurring category, accounting for roughly 19% of all 2026 alerts.
Part of what separates faster programs from slower ones is how they evaluate risk before remediating. Not every vulnerability carries the same operational risk. Some fixes can be applied immediately with near-zero blast radius. Others touch production-critical workloads where a failed patch could cause an outage. Teams that assess functional and operational risk upfront can move quickly on the low-risk work and apply the right level of review to the rest. Teams that don’t end up treating every fix like it’s high-risk, which means nothing moves fast.
Unsurprisingly, the category most resistant to scanning-led intervention is also the largest. That is the case for an orchestration layer at the center of the security stack, not a detection layer at the front of it.
And these categories are about to get heavier. Vulnerability management is already the slowest and highest-volume category in the dataset. With AI-generated code accelerating what gets deployed, and detection tools getting better at finding what those systems produce, the remediation queue for this category will grow faster than the capacity to clear it.
“Vulnerabilities is the one category that got slower this year. With AI writing more code and detection finally catching up, that was the predictable outcome. Creation scaled. Detection scaled. Remediation is the gap — and the gap is the attack surface.”
Pramod Gosavi,
Sr. Principal
Blumberg Capital
TAKEAWAY 5
The most common misconfigurations haven't changed since last year
Closing alerts faster doesn’t eliminate the categories that produce them. The top misconfigurations in 2026 look nearly identical to 2025’s, and the top eight represent roughly 20% of all alerts across the major cloud providers represented in the dataset.
Scanners find problems, but without a closure-and-prevention loop, that’s all they do.
| Misconfiguration | Category | % of Total Alerts |
|---|---|---|
| Read-only container root filesystems not enforced | Compute | 4.1% |
| Vulnerability Management (Critical + High) | Vulnerability Mgmt | 3.9% |
| Compute instances missing SSH key-pair | Compute | 2.4% |
| Unencrypted block-storage volumes | Storage | 2.3% |
| Unmanaged compute instances | Operational | 2.0% |
| Metadata service v2 not enforced | Compute | 1.9% |
| Missing vulnerability assessment | Compute | 1.8% |
| Container health checks not enabled | Compute | 1.8% |
Container read-only file systems and health checks are runtime hardening gaps, accounting for nearly 6% of the dataset. Container security has been an established problem for two decads and remains largely unaddressed.
The technical fix is simple. The organizational coordination required to deploy fixes at scale across multiple environments and cloud providers is not. That coordination layer is the part of the security stack that detection has never owned, and it’s the part Tamnoon is built around.
Chris Farrisi,
Cloud Security Advisor and vCISO
Affiliation - Securosis
TAKEAWAY 6
Critical alert volume has surpassed human capacity
A year ago, Critical alerts were a small fraction of the queue. In the 2026 dataset, they represent approximately 13% of all new alerts, up from 1.4% in 2025. Those same alerts remain open for 150 days, a 17% increase from last year.
Some of that shift reflects expanded coverage and evolving severity logic across CNAPPs, but the reality is clear. Security teams lack the time, resources, and expertise to manage an expanding backlog of high risk alerts.
~13%*
critical-tagged share of new alerts in 2026 versus 1.4% in 2025. The volume of high-severity work landing in security teams’ queues can no longer be absorbed by existing headcount.
Two effects are stacking:
- This Report Coverage expansion: Cortex Cloud, Upwind, Sentinel One, on-prem, and new alert types added in 2026 surfaced new findings.
- Detection maturity: As CNAPP tooling evolves, Critical no longer just means a high CVSS score. Modern detection factors in reachability, exploitability, and real-world attack paths. The bar for Critical became more meaningful, and the volume of alerts crossing that bar exploded at the same time.
That second shift is important because it extends beyond severity scores into genuinely exploitable risks that require action.
The operational implication is significant. Severity-based routing rules built two years ago are now misaligned with the alert mix teams are receiving. If a team was designed to handle a backlog with 1% Critical alerts, then an annual 10X increase in detections will overwhelm that operating model. This means SLAs, on-call thresholds, and escalation paths all warrant a re-check, as the staffing model and technology behind them must change shape to keep up.
This trajectory won’t flatten any time soon. AI is accelerating both sides of the problem. Detection tools are getting smarter, surfacing more real risk, but threat actors are using AI to find and exploit vulnerabilities faster than ever. The volume of Critical alerts will keep climbing and manual remediation cannot keep up with either reality. The only viable path forward is autonomous remediation that matches the speed of both.
“There’s a threshold where the volume of high-severity findings exceeds what manual operations can process reliably. The data suggests most organizations have already crossed it. The response has to be systemic, not incremental.”
Idan Perez,
CTO and Co-founder
Tamnoon
2025 vs 2026
What changed since 2025
The 2026 dataset is three times larger than last year’s, and the story it tells is worse. There are more alerts overall, more Criticals specifically, and the work required to close them is harder than what teams were closing two years ago.
Critical alert MTTR jumped from under 40 days in 2024 to 150 days in 2026. That isn’t because teams got slower. The alerts now reaching the closure stream carry wider blast radius, more cross-team coordination, and more production risk than the ones that were cleared first.
The numbers below represent what that gap looks like when you measure it across 14.86 million findings:
First, 53% of all detections remain open, and that share has held in the 40–50% range for years. Of those, 6.3% are tied to Crown Jewel assets. It’s clear detection continues to outpace the operational capacity to close what it finds. Open alerts now outnumber closed ones.
Criticals grew by 10X, while MTTR for them increased by 17%. Easier work is being cleared first, but what remains is structurally harder to fix. The pipeline expanded and the backlog became heavier and more complex.
The next phase of remediation requires a more engineered, autonomous approach — one that can match the speed of detection, handle coordination-heavy categories, and safely close the work that manual approaches can’t handle.
TLDR; FOR CLOUD SECURITY LEADERS
What this means for cloud security leaders
Three things matter for the budget, headcount, and architecture decisions over the next twelve months:
-
Active risk lives in the open backlog and should be reported there
The board-relevant number is not "alerts closed this quarter" or "alerts detected." It’s open alerts on Crown Jewel assets, by age range. With more than half the dataset still open and the longest tail at 282 days, exposure is measured in years. Closure-rate dashboards understate this. Age-based reports surface it. -
Focus on intelligent prioritization using Crown Jewel analysis
CNAPP severity classifications are inconsistent across vendors. Asset criticality is defined by the business, not the scanner. CISOs should focus on how many detections tied to Crown Jewel assets remain open, and for how long. Severity can be useful for routing inside the security team, but detection alone cannot deliver an accurate view of risk like remediation prioritized by asset value can. -
Coordination is the invisible budget line costing you as long as nobody owns it
Faster scanners, more analysts, and AI-assisted triage all address technical throughput. None address the coordination layer where most close-time elapses. Map the org chart for an open Privacy Regulations, and it’ll touch cloud security, application engineering, legal, vendor management, and sometimes finance. No team owns the end-to-end closure timeline. The remediation gap is structurally an unowned-coordination gap. Programs that have closed it — including every category in this dataset where MTTR fell — did so by making coordination an explicit, owhned, and resourced practice.
SELF-ASSESSMENT
Questions cloud security leaders
should be able to answer
If your team can’t answer these in under five minutes, the data doesn’t live where it should, and the gap between detection and security is wider than your dashboards suggest.
- What is our open vs closed alert ratio, and is the open alert backlog growing, flat, or shrinking?
- What is our actual MTTR by severity, and how does it compare to our SLA commitments?
- Which categories close slowest, and who owns them end-to-end?
- Which misconfigurations, code, and container vulnerabilities contribute the most volume to our open backlog?
- What share of our open alerts touch Crown Jewel assets, and is that share rising?
- Where is shift-left preventing new alerts, and where is the same misconfiguration being introduced repeatedly?
CONCLUSION
Detection without remediation isn’t security
Last year, the question was whether active remediation could meaningfully reduce the cloud security backlog. This year revealed that 53% of alerts remain open across the largest documented dataset of CNAPP detections, forming the baseline for what companies can expect from manual remediation.
We also saw three of four major recurring categories close faster year-over-year. Alerts tied to Availability decreased by 63%, while IAM Hygiene and Credential Access each fell 23%. The categories that didn’t move were bounded by external dependencies that no scanner or internal team can compress alone, and those are the categories an operational remediation layer is designed to address.
The initial goal for most cloud security teams was to clear the obvious backlog and prove that active remediation. Next comes the more difficult work — managing coordination-heavy categories, vendor-bounded vulnerabilities, Crown Jewel assets — without losing the speed gains. 2026 shows where the work is. 2027 will show who built the system to handle it.
The data points to one conclusion. Remediation has to be engineered, autonomous, and safe by default. That’s the only model that scales with what detection and the current threat landscape is producing.3
“Optimizing remediation is critical today because while most organizations have security solutions in place, they still face incidents because they cannot prioritize the findings and drive the needed remediation in time to prevent them. This study articulates the challenges most organizations face as they deal with rapidly scaling alerts and the need to drive efficient remediation to mitigate security risk.”
Melinda Marks,
Practice Director, Cybersecurity
Omdia
LOOKING FORWARD
Cloud security in the era of frontier AICloud security in the era of frontier AI
More than half the backlog is still open, and what remains is structurally harder to solve. The cloud surface is now shaped by AI on all sides. Attackers, developers, and detection tooling are all accelerating at once.
The external data confirms it. CVE submissions to NIST grew 263% between 2020 and 20253. By April 2026, NIST announced it could no longer fully enrich most new vulnerabilities. GitHub is on pace for 14 billion commits this year, up from 1 billion in 2025, driven largely by AI coding agents4. More code means more vulnerabilities, more alerts, and more remediation work entering a pipeline that was already overloaded.
Detection alone cannot keep up because it never could.
Four forces are converging on the same conclusion:
1. Volume is past human-only capacity
53% of alerts are still open as of May 2026 and the cloud surface keeps expanding. AI-assisted development is accelerating intake faster than headcount can scale. Engineered remediation is no longer a productivity choice, it’s a capacity requirement.
2. The velocity gap between attackers and defenders is widening
Speed parity is no longer a competitive advantage. It’s the new floor. Defenders who match attacker velocity do so with engineered remediation. Those who don’t are running detection-only programs against an AI-augmented adversary.
3. The remaining work is structurally harder
Critical-tier detections take 150 days to close, up from 128 days in 2025. Coordination-heavy categories — Vulnerability Management 282d, Privacy Regulations 242d, Password Management 242d — close 3–6X slower than typical work. None of this yields to faster human operations. All of it yields to orchestrated remediation with the right ownership model and safety controls.
4. Cloud security is too varied for any single agent
This report documents over a hundred distinct alert categories, each with its own remediation flow, ownership pattern, and safety profile. A single general-purpose agent can’t close work that varies category by category. Neither can a generic playbook. Closure at machine speed requires many specialized skills, orchestrated with safety controls, and human oversight where blast radius is high. That is the architecture Tamnoon is building towards with Tami, and the architecture the data argues the industry now requires.
METHODOLOGY TRANSPARENCY
Population
This study analyzes real-world cloud security data from hundreds of enterprise environments before active remediation took place, providing empirical evidence rather than relying on survey responses.
- 14.86 million cumulative CNAPP detections: collected across hundreds of enterprise cloud environments before active remediation took place.
- Customer base: hundreds of enterprise programs across financial services, technology, healthcare, retail, and the public sector.
- Cloud providers: Amazon Web Services (AWS) · Google Cloud Platform (GCP) · GitHub · Kubernetes (managed and on-prem) · Microsoft Azure · Oracle Cloud Infrastructure (OCI). AWS represents the largest share.
- CNAPPs covered: AWS Security Hub · Check Point CloudGuard CNAPP · Cortex Cloud (Palo Alto Networks) · CrowdStrike Falcon Cloud Security · Cyera · Google Security Command Center · Microsoft Defender for Cloud · Orca Security · Prisma Cloud (Palo Alto Networks) · SentinelOne Singularity Cloud Security · Upwind · Wiz
All data was anonymized to protect organizational privacy
Classifying Findings by Category
Alerts were classified into categories based on the nature of the underlying risk, such as Vulnerability Management, Credential Access, IAM Hygiene, Availability, Privacy Regulations, and others. Categories reflect the remediation workflow and coordination required to close a given alert, not just the asset type involved.
Classifying Findings by Status
An alert is classified as open or closed based on the status reported by the source CNAPP at the time of analysis. Resolution paths include configuration change, asset decommissioning, formal exception, or rule change. The dataset does not distinguish between these in aggregate.
The 53% open figure is a status snapshot as of May 2026. For each alert opened in the dataset window, its current status was recorded.
Severity Classification
Severity tags are assigned by the source CNAPP and are not standardized across vendors. Classifications shift between CNAPP releases. This report uses severity-tier MTTR only where the pattern is consistent across vendors and environments.
*On the Critical-severity share increase: The shift from ~1.4% to 13% reflects two compounding factors. The 2026 dataset is broader, with new CNAPP sources surfacing previously uncaptured findings. At the same time, modern CNAPPs evolved what qualifies as Critical, factoring in reachability and real-world exploitability rather than CVSS scores alone. Both factors contribute, and neither alone accounts for it.
Year-over-Year Comparability
Definitions
- Alerts/Detections: A notification generated by a CNAPP indicating a potential vulnerability, misconfiguration, or compliance issue in a cloud environment.
- Category: A grouping of alerts based on the nature of the underlying risk and the remediation workflow required to resolve it.
- Severity: A risk level assigned by the source CNAPP. Each platform uses its own scoring methodology.
- Crown Jewel Asset: A business-critical cloud asset identified through metadata, asset tags, or architecture review. Used to flag alerts with outsized potential business impact relative to volume. Where tagging was unavailable or inconsistent, assets were excluded from Crown Jewel calculations rather than inferred.
Key Metrics
- MTTR (Mean Time to Remediate): The average time it takes to close an alert, measured from when it is opened to when it is resolved. This calculation includes only closed alerts.
- Open Share: The percentage of alerts that remain open at the time of analysis, measured across all alerts ever created in the dataset window.
Cited research
¹ Gartner, Enhancing CNAPP for Agentic Remediation and Business-Driven Risk Determination, Charanpal Bhogal, Dale Koeppen, Neil MacDonald, 13 March 2026.
2 Omdia – Research Report: Automating Risk Reduction in the AI Era
3 NIST: https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth
4 GitHub: came from COO tweet – https://x.com/kdaigle/status/2040164759836778878
Fix What Your CNAPP Finds
Tamnoon finishes what CNAPPs start. Our platform delivers battle-tested remediation at machine speed, safely resolving vulnerabilities and misconfigurations while dramatically reducing friction between cloud security and development teams.
