AI just changed the math on software vulnerabilities. Here’s what we’re doing about it.

Jason Dobbs
Blog
July 9, 2026

Threat discovery used to be slow, expensive, and manual. That era is over.

The emergence of Mythos and similar AI technologies has fundamentally changed the urgency and responsibility of vulnerability management for software vendors. Threat discovery is now cheap, fast, and intelligent, allowing vulnerabilities to be detected at a significantly higher rate with more precision and depth, regardless of their criticality. Furthermore, these technologies can chain vulnerabilities together, associating individual minor Common Vulnerabilities and Exposures (CVEs) into multi-step exploits, thus changing the game by making CVEs of any severity a major risk to the platform and organization.

Getting ahead of the surge

To combat this new threat landscape, PKWARE is executing a multi-faceted approach to harden and reduce the surface area of exposure for our products, to get ahead of the influx of soon-to-be-reported vulnerabilities and allow our customers to be confident that PKWARE has made necessary accommodations for these vulnerabilities in advance of their identification. These efforts include, but are not limited to:

  • Expanding and enhancing the proactive vulnerability scanning we execute into our software, development workflows, and CI pipelines to uncover vulnerabilities across the entire application stack, including open-source 3rd party libraries, and their associated dependencies.
  • Purpose-built migration tools to facilitate seamless and structured migration with PKWARE engineering support from current product versions to hardened versions of our products.

A new approach to product lifecycle support

As a result of the impact of these new technologies and the expected surge of new reported vulnerabilities, PKWARE has revised our Product Lifecycle Support and Vulnerability Mitigation policies to better reflect the new threat paradigm to ensure the security of our products and the customer environment in which they operate. Also, instead of using product release versions as the guiding principle for how long a version is supported, we will now use a time-based approach. When a new minor or major product version is released, we will designate and publish the end of support date for that version, at that time. In general, the expected support term will be 15 months from the GA date, however the terms of support may vary for different versions to allow for ultimate flexibility, responsiveness to security and market conditions, and adaptability for our customers.

Our new vulnerability and support policies pair to give customers product-specific upgrade plans to quickly and effectively migrate to the hardened, future-proof versions of our PKWARE products with minimal impact to their existing operations.

What this means for you

We recognize this represents a meaningful shift in how we communicate and deliver product support commitments. It reflects the reality of the current threat landscape and our commitment to keeping your environment secure. Please reach out to your PKWARE account team with any questions or to begin migration planning.

None of us asked for the threat landscape to change this fast. But it has, and pretending otherwise would not serve you. The changes I've outlined here are how we stay ahead of it together, so the software protecting your most sensitive data is never the weak link.

If you have questions, or you just want to talk through what this means for your environment, my team and I are here. Reach out to your account team and we'll get you a plan.

Thank you for trusting us with your data.

Jason Dobbs
Chief Technology Officer, PKWARE

Frequently Asked Questions

Why is PKWARE changing the way it supports product versions?

Vulnerability discovery has gotten much faster and cheaper because of agentic AI tools. Software vendors across the industry are tightening lifecycle support windows to reduce the time customers spend on versions that are out of active hardening. PKWARE is moving from version-based to time-based support so customers always know exactly when a version’s coverage ends.

What is the new support term?

Generally, 15 months from the general availability (GA) date of each minor or major version. The specific End of Support date is published when the version is released, so it’s never a moving target.

Does this change affect my current contract or SLA?

No. Existing contractual commitments stand. The new policy governs how PKWARE communicates lifecycle dates for versions going forward. If your contract has specific support obligations that conflict with a published EOS date, the contract governs. Contact your account team to confirm.

What happens when a version reaches End of Support?

No new features. Bug fixes are evaluated case by case for critical issues. Security patches for vulnerabilities in PKWARE-built code continue through the published EOS date. After EOS, the path forward is to move to the current supported version.

Will PKWARE keep shipping security patches after End of Support?

No. After EOS, security remediation comes through upgrading to the current supported version. PKWARE will not back-port patches to EOS versions.

What is the recommended migration path for Data Store Manager (DSM) customers?

PK Protect DSM v10 is the current hardened release. All customers on 8.10.5, 9.1, and 9.2 should plan migration to v10. Your account team can walk you through the path specific to your deployment.

What is the recommended migration path for PK Protect Endpoint Manager (PEM) customers?

Move to the most recent PEM Administrator / Agent version. Your account team can walk you through the path specific to your deployment.

My change-control cycle is longer than 15 months. What are my options?

Contact your account team early. PKWARE works with customers whose change cycles need more runway and can help you sequence the move ahead of your published EOS date.

Will migrating to the new version cost anything additional?

Migration to a current supported version is included under active maintenance. Migration services (planning, deployment support, testing assistance) are available separately. Your account team can scope what your environment needs.

Where do I get migration help?

Your PKWARE account team is the starting point. They’ll loop in customer success, professional services, and product engineering as needed.

Share on social media

Threat discovery used to be slow, expensive, and manual. That era is over.

The emergence of Mythos and similar AI technologies has fundamentally changed the urgency and responsibility of vulnerability management for software vendors. Threat discovery is now cheap, fast, and intelligent, allowing vulnerabilities to be detected at a significantly higher rate with more precision and depth, regardless of their criticality. Furthermore, these technologies can chain vulnerabilities together, associating individual minor Common Vulnerabilities and Exposures (CVEs) into multi-step exploits, thus changing the game by making CVEs of any severity a major risk to the platform and organization.

Getting ahead of the surge

To combat this new threat landscape, PKWARE is executing a multi-faceted approach to harden and reduce the surface area of exposure for our products, to get ahead of the influx of soon-to-be-reported vulnerabilities and allow our customers to be confident that PKWARE has made necessary accommodations for these vulnerabilities in advance of their identification. These efforts include, but are not limited to:

  • Expanding and enhancing the proactive vulnerability scanning we execute into our software, development workflows, and CI pipelines to uncover vulnerabilities across the entire application stack, including open-source 3rd party libraries, and their associated dependencies.
  • Purpose-built migration tools to facilitate seamless and structured migration with PKWARE engineering support from current product versions to hardened versions of our products.

A new approach to product lifecycle support

As a result of the impact of these new technologies and the expected surge of new reported vulnerabilities, PKWARE has revised our Product Lifecycle Support and Vulnerability Mitigation policies to better reflect the new threat paradigm to ensure the security of our products and the customer environment in which they operate. Also, instead of using product release versions as the guiding principle for how long a version is supported, we will now use a time-based approach. When a new minor or major product version is released, we will designate and publish the end of support date for that version, at that time. In general, the expected support term will be 15 months from the GA date, however the terms of support may vary for different versions to allow for ultimate flexibility, responsiveness to security and market conditions, and adaptability for our customers.

Our new vulnerability and support policies pair to give customers product-specific upgrade plans to quickly and effectively migrate to the hardened, future-proof versions of our PKWARE products with minimal impact to their existing operations.

What this means for you

We recognize this represents a meaningful shift in how we communicate and deliver product support commitments. It reflects the reality of the current threat landscape and our commitment to keeping your environment secure. Please reach out to your PKWARE account team with any questions or to begin migration planning.

None of us asked for the threat landscape to change this fast. But it has, and pretending otherwise would not serve you. The changes I've outlined here are how we stay ahead of it together, so the software protecting your most sensitive data is never the weak link.

If you have questions, or you just want to talk through what this means for your environment, my team and I are here. Reach out to your account team and we'll get you a plan.

Thank you for trusting us with your data.

Jason Dobbs
Chief Technology Officer, PKWARE

Frequently Asked Questions

Why is PKWARE changing the way it supports product versions?

Vulnerability discovery has gotten much faster and cheaper because of agentic AI tools. Software vendors across the industry are tightening lifecycle support windows to reduce the time customers spend on versions that are out of active hardening. PKWARE is moving from version-based to time-based support so customers always know exactly when a version’s coverage ends.

What is the new support term?

Generally, 15 months from the general availability (GA) date of each minor or major version. The specific End of Support date is published when the version is released, so it’s never a moving target.

Does this change affect my current contract or SLA?

No. Existing contractual commitments stand. The new policy governs how PKWARE communicates lifecycle dates for versions going forward. If your contract has specific support obligations that conflict with a published EOS date, the contract governs. Contact your account team to confirm.

What happens when a version reaches End of Support?

No new features. Bug fixes are evaluated case by case for critical issues. Security patches for vulnerabilities in PKWARE-built code continue through the published EOS date. After EOS, the path forward is to move to the current supported version.

Will PKWARE keep shipping security patches after End of Support?

No. After EOS, security remediation comes through upgrading to the current supported version. PKWARE will not back-port patches to EOS versions.

What is the recommended migration path for Data Store Manager (DSM) customers?

PK Protect DSM v10 is the current hardened release. All customers on 8.10.5, 9.1, and 9.2 should plan migration to v10. Your account team can walk you through the path specific to your deployment.

What is the recommended migration path for PK Protect Endpoint Manager (PEM) customers?

Move to the most recent PEM Administrator / Agent version. Your account team can walk you through the path specific to your deployment.

My change-control cycle is longer than 15 months. What are my options?

Contact your account team early. PKWARE works with customers whose change cycles need more runway and can help you sequence the move ahead of your published EOS date.

Will migrating to the new version cost anything additional?

Migration to a current supported version is included under active maintenance. Migration services (planning, deployment support, testing assistance) are available separately. Your account team can scope what your environment needs.

Where do I get migration help?

Your PKWARE account team is the starting point. They’ll loop in customer success, professional services, and product engineering as needed.

Share on social media