The Cybersecurity and Infrastructure Security Agency (CISA) has emphasized the need for agencies to adopt a more strategic approach to patching vulnerabilities, in response to increasingly sophisticated cyber threats. This shift in strategy is driven by the evolving nature of attacks, which are now often designed to exploit unpatched vulnerabilities in a targeted manner. Recent incidents, such as the Tchap breach in France and the disclosure of stolen data by NHS trusts, highlight the importance of proactive patch management. Microsoft has also warned of AI-themed attacks, which pose a significant threat to organizations that fail to keep their systems up to date1. As CISA tightens its patching rules, agencies and organizations must prioritize patch management to mitigate the risk of breaches. This renewed focus on patching matters to security practitioners, as it has significant implications for downstream regulatory and supply-chain effects, and failure to comply may lead to severe consequences.