Any company serious about cybersecurity knows that the future of cybercrime will hinge on who can find vulnerabilities the fastest. For years, vulnerabilities have been at the heart of a tense race between attackers and defenders. Vendors, researchers, and bug bounty hunters search for weaknesses so they can fix them to keep businesses safe. Cybercriminals look for those same flaws so they can exploit them.

Both sides invest heavily in this search. Yet even when defenders gain an advantage by discovering a new vulnerability and issuing a patch, criminals can reverse engineer the update to discover what has been fixed, and attempt to exploit it. They do this because they know that many organizations will not install those fixes right away.