Automox announced its authorization as a CVE (Common Vulnerabilities and Exposures) Numbering Authority (CNA).
This designation allows Automox to assign CVE IDs to vulnerabilities discovered in its products and solutions, reinforcing its commitment to transparency and meeting its CISA secure by design pledge.
CVE is an industry-standard program that identifies and catalogs publicly disclosed cybersecurity vulnerabilities to improve awareness and mitigation efforts. By becoming a CNA, Automox joins a global network of trusted organizations authorized to identify and disclose critical vulnerabilities, fostering a safer, more resilient IT operations landscape.
“Receiving this authorization from the CVE Program underscores Automox’s dedication to improving security transparency,” said Tom Bowyer, Director of Security at Automox. “It demonstrates our commitment to proactively identifying and addressing vulnerabilities to protect our customers and the broader technology community. By contributing to the CVE Program, Automox continues to support the collective effort to strengthen the security posture of organizations worldwide.”
Automox streamlines IT operations through its automated patch management, configuration management, and software deployment solutions. This capability ensures enterprises can address vulnerabilities at scale, reducing their attack surface and maintaining business continuity. As a CNA, Automox enhances this value by swiftly and responsibly informing the CVE database of exposures identified in its software.
The CVE Program’s recognition of Automox as a CNA reflects the platform’s growing influence in simplifying and securing IT operations for businesses.
The Latest
As AI adoption accelerates, operational complexity — not model intelligence — is becoming the primary barrier to reliable AI at scale, according to the State of AI Engineering 2026 from Datadog ... The report highlights a compounding complexity challenge as AI systems scale ... Around 5% of AI model requests fail in production, with nearly 60% of those failures caused by capacity limits ...
For years, production operations teams have treated alert fatigue as a quality-of-life problem: something that makes on-call rotations miserable but isn't considered a direct contributor to outages. That framing doesn't capture how these systems fail, and we now have data to show why. More importantly, it's now clear alert fatigue is a symptom of a deeper issue: production systems have outgrown the current operational approaches ...
I was on a customer call last fall when an enterprise architect said something I haven't been able to shake. Her team had just spent four months trying to swap one AI vendor for another. The original plan said three weeks. "We didn't switch vendors," she told me. "We rebuilt half our integrations and discovered what we'd actually been depending on." Most enterprise leaders don't expect that to be the experience ...
Ask any senior SRE or platform engineer what keeps them up at night, and the answer probably isn't the monitoring tool — it's the data feeding it. The proliferation of APM, observability, and AIOps platforms has created a telemetry sprawl problem that most teams manage reactively rather than architect proactively. Metrics are going to one platform. Traces routed somewhere else. Logs duplicated across multiple backends because nobody wants to be caught without them when something breaks. Every redundant stream costs money ...
80% of respondents agree that the IT role is shifting from operators to orchestrators, according to the 2026 IT Trends Report: The Human Side of Autonomous IT from SolarWinds ...
40% of organizations deploying AI will implement dedicated AI observability tools by 2028 to monitor model performance, bias and outputs, according to Gartner ...
Until AI-powered engineering tools have live visibility of how code behaves at runtime, they cannot be trusted to autonomously ensure reliable systems, according to the State of AI-Powered Engineering Report 2026 report from Lightrun. The report reveals that a major volume of manual work is required when AI-generated code is deployed: 43% of AI-generated code requires manual debugging in production, even after passing QA or staging tests. Furthermore, an average of three manual redeploy cycles are required to verify a single AI-suggested code fix in production ...
Many organizations describe AI as strategic, but they do not manage it strategically. When AI plans are disconnected from strategy, detached from organizational learning, and protected from serious assumptions testing, the problem is no longer technical immaturity; it is a failure of management discipline ... Executives too often tell organizations to "use AI" before they define what AI is supposed to change. The problem deepens in organizations where strategy isn't well articulated in the first place ...
Across the enterprise technology landscape, a quiet crisis is playing out. Organizations have run hundreds, sometimes thousands, of generative AI pilots. Leadership has celebrated the proof of concept (POCs) ... Industry experience points to a sobering reality: only 5-10% of AI POCs that progress to the pilot stage successfully reach scaled production. The remaining 90% fail because the enterprise environment around them was never ready to absorb them, not the AI models ...
Today's modern systems are not what they once were. Organizations now rely on distributed systems, event-driven workflows, hybrid and multi-cloud environments and continuous delivery pipelines. While each adds flexibility, it also introduces new, often invisible failures. Development speed is no longer the primary bottleneck of innovation. Reliability is ...