In today’s rapidly evolving technology and threat landscape, responsible transparency should be a cornerstone of any product security program. Especially with the advancements in AI, we believe it is important to respond quickly when a new risk is discovered.
Ivanti’s efforts integrating AI into our development and product security process have increased the capabilities of our Engineering and Product Security Red Teams to identify and fix vulnerabilities. Our objective in proactively discovering issues is to increase the resilience of our products in today’s threat environment and reduce the likelihood of exploited-in-the-wild Zero Days. We have already successfully identified vulnerabilities traditional tools missed, including some that are being disclosed today.
Importantly, we are committed to using AI responsibly in product security, including keeping a human in the loop to verify automated or agentic work. Our top priority is the security of our customers, and we expect that this work will naturally increase the number of vulnerabilities found, fixed, and disclosed. While this will result in an uptick in disclosures, we see this as a good thing, and an important part of ensuring our products keep pace with modern security requirements as they change.
To this end, we are issuing an important security update addressing vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM).
- More information can be found in the Security Advisory, which describes the nature of the vunlerabilities and detailed remediation instructions for customers.
- At the time of disclosure, we are aware of very limited exploitation of CVE-2026-6973, which requires admin authentication for successful exploitation.
- We are not aware of any customers being exploited by the other vulnerabilities disclosed today.
The issues only affect the on-prem EPMM product, and are not present in Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products.
Advanced AI models have collapsed the time-to-exploit from days to hours after disclosure. Because of this, we strongly encourage our customers to apply the patch to their on-premises EPMM promptly to protect their environment.
How AI will affect vulnerability announcements in our products
Ivanti continues to explore, test, and implement leading technologies and processes in our product development. In recent months, our security team began a project to integrate multiple advanced LLM models into our product security processes.
This project has increased the capabilities of our Engineering and Product Security Red Teams to identify and fix vulnerabilities, especially those that are difficult to identify with traditional tooling, such as SAST and DAST. We have already successfully identified vulnerabilities which traditional tools missed, including some of those disclosed today.
As these tools are integrated further into our processes and refined, we expect an increase in vulnerability disclosures. We will continue to share transparently what we have found and resolved to ensure the security of our products. If you are not already following our Security Blog or subscribed to receive alerts for updates on the products you own through the Ivanti Innovators Hub, we highly recommend you do so.
Our top priority is the security of our customers and believe the increase in identified, resolved, and transparently communicated vulnerabilities demonstrates that commitment.
Our Support team is always available to help customers and partners should they have any questions. Cases can be logged via the Ivanti Innovators Hub (login credentials required).
Want to stay up to date on Ivanti Security Advisories? Paste https://www.ivanti.com/blog/topics/security-advisory/rss into your preferred RSS reader / functionality in your email program.