Vulnerability management has rapidly become a key cyber risk management area of focus for financial services firms. Recent developments in frontier AI and the continued challenges posed by legacy technology prompted debates on whether current operating models remain fit for purpose.
In June 2026, we hosted focused calls on vulnerability management with ORX Cyber subscribers to explore how firms are managing these evolving challenges. The conversations built on themes heard at the 2026 European Cyber Forum, where participants described vulnerability management as a growing concern and commented that firms are being asked to “solve a 20-year problem in 6 months”. They also followed discussions on Claude Mythos and other frontier AI models as part of the ORX Cyber Working Group, where questions were raised around whether firms are prepared respond to vulnerabilities at “machine speed”.
This blog summarises the key themes from those discussions and provides a round-up of current and emerging good practices across governance, prioritisation, remediation, legacy technology and 2LOD oversight.
true
