No known exploit
Useful for pacing, but not proof that exploitation is impossible. Continue validating exposure, impact, and patch availability.
Exploit Maturity
Exploit evidence changes urgency, not proof boundaries.
Use this guide to separate no known exploit, proof of concept, weaponized exploit, active exploitation, and KEV status from local exposure or compromise claims.
Levels
What exploit maturity can and cannot prove
Proof of concept
Raises validation urgency, especially for exposed assets. It does not prove attacker use, local reachability, or compromise.
Weaponized exploit
Suggests lower attacker effort and stronger SOC interest. Pair with exposure, telemetry, and patch or mitigation path.
Active exploitation
Demands fast validation and likely escalation, but still needs local asset and telemetry proof before incident language.
KEV listed
Known exploited in the wild. Use as a strong trigger for action, not as proof your environment is affected or compromised.
Exploit rumor
Handle as low-confidence pressure until sourced. Preserve caveats and route to source-confidence review.
Safe Language
Say what the exploit evidence supports
Safe owner ask
Public exploit context increases urgency for validation. Please confirm affected version, exposure path, compensating controls, and earliest safe remediation window.
Safe SOC ask
Please review available telemetry for behavior related to this vulnerability. A clean scoped search is useful evidence, but it is not proof that no activity occurred outside the searched data.
Safe leadership note
This vulnerability has credible exploit pressure. We are validating local exposure and patch path now; current evidence does not yet confirm local compromise.
Recommended route: preserve exploit caveats, validate exposure, ask SOC for scoped telemetry, and choose a decision lane.