The age where you could rely on CVE and sleep well is over
Over 60% of exploits in 2023 were CVE-Less, meaning they had no disclosed CVE at the time of the exploit. These CVE-Less vulnerabilities include malicious packages, AI Package Hallucinations, reported but not disclosed CVEs (aka. CVE/NVD backlog), library misconfigurations and of course the infamous Zero-Days.
In order to keep up with sophisticated attackers and ensure the security of modern cloud applications, organizations are now required to add a security layer which can detect attacks without relying on existing CVE signatures.