"AI appears to be finding software vulnerabilities at scale. In June 2026, 21 notable organizations disclosed ~1,500 high- and critical-severity CVEs, over 3.5× the previous monthly record set before Claude Mythos Preview's release." — Epoch AI

The surge follows Anthropic's April announcement that Claude Mythos Preview could autonomously discover software vulnerabilities, and that trusted partners had been using it to find and fix bugs ahead of the model's public release. Anthropic says Glasswing has surfaced 10k+ high- or critical-severity vulnerabilities so far (some remain unpublished). OpenAI's Daybreak program likely adds more.

The spike in CVEs likely reflects this wave of AI-assisted discovery.

Full Data Insight: The open question: can defenders use frontier models to patch vulnerabilities faster than attackers can exploit them? CVE disclosures are a window into how that contest is playing out.

Track and explore the CVE data yourself: — Epoch AI

Source: https://x.com/EpochAIResearch/status/2072776792809918604