• Category: Security
  • Status: discussion
  • Sources: Epoch AI data insight, HN discussion
  • Summary: An Epoch AI analysis reports that high- and critical-severity CVE disclosures from 21 large organizations reached about 1,500 in June 2026, more than 3.5 times the monthly record before Anthropic announced in April 2026 that Claude Mythos Preview could autonomously discover vulnerabilities. Epoch draws the counts from cve.org and limits them to a fixed set of 21 vendors. It states two caveats: the figures exclude discovered-but-unpublished vulnerabilities (Anthropic claims Project Glasswing alone identified over 10,000 undisclosed high- and critical-severity issues), and the rise may reflect both cheaper discovery and increased interest, so causality is uncertain.
  • Why it matters: If AI-assisted discovery is driving a step change in disclosed vulnerabilities, maintainers and vendors face a sustained increase in triage and patch load, which is the concrete cost behind the curl report-handling pause and the FFmpeg AI-found zero-days.
  • Follow-up: Track whether the elevated disclosure rate persists past June 2026 and any vendor or coordinated-disclosure process changes in response.

Send feedback on this story