Expanding on this latest post (https://www.linkedin.com/posts/activity-7389333041816481792-LdEb)
How was the prediction made? How did we predict that CVE-2025-33073, published in June, would eventually be added to a known exploited vulnerability (KEV) watch-list? How can we audit that the prediction was made forward in time? This show and tell video gives an explanation of the CAUSALITY project which has generated 132 provable CVE predictions since January with a mean early warning time of 124.5 days.
The difference between exploitation detection and exploitation prediction is akin to the difference between detecting a missile launch and detecting a missile detonation – two very different outcomes. Every exploitation cycle we can avoid gives time back to dev and business teams in addition to security.
ODR - openDR 