Software vulnerability disclosures just had their loudest month ever. Notable organizations disclosed roughly 1,300 high- and critical-severity CVEs in June — about 3.5 times the monthly record from before Claude Mythos arrived, according to research group Epoch AI. FIRST, the global incident-response forum, updated its mid-year forecast to project roughly 66,000 CVEs for 2026, up from a February median of 59,427 — the highest annual pace in the system's history.
The driver is no mystery: vulnerability discovery went industrial. Anthropic said in April that its Claude Mythos preview could autonomously discover software vulnerabilities, and that Project Glasswing partners — including Microsoft, Google, Apple, and AWS — had been using it to find and fix bugs ahead of the model's public release. The company has claimed more than 10,000 high- or critical-severity finds through the program, many not yet individually disclosed. Microsoft's June Patch Tuesday set its own record at roughly 200 CVEs, a haul security writers openly attributed to AI-assisted discovery.
Here's the number that should reframe the panic: FIRST notes that when you filter the surge for actual exploitability — vulnerabilities in CISA's Known Exploited Vulnerabilities catalog, or with an EPSS score above 10% — the actionable patching burden is essentially flat. The haystack exploded. The needles didn't.
Our take
This is what machine-speed auditing looks like when it hits a human-speed pipeline. The disclosures are a lagging indicator of AI models quietly reading the world's code — the same capability jump that repriced autonomous work is now repricing software risk. Two operational conclusions. First: if your security process ranks patches by raw CVSS severity, you will drown by Q4 — exploitability-first triage (KEV and EPSS) stops being best practice and becomes survival. Second: assume adversaries run the same scans. A disclosed-but-unpatched bug is more dangerous when discovery costs pennies, so the time between advisory and patch is the new exposure metric. And for everyone outside security: this is the template for every AI-touched field. Output explodes, signal doesn't, and triage becomes the job.
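The triage rule above, as an added example in Python (not code from the newsletter, FIRST or CISA): KEV membership or an EPSS score above 10% decides what is actionable, the advisory-to-patch gap is the exposure metric, and a CVSS-ranked list is shown beside it for contrast. The CVE ids, scores and dates are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

EPSS_THRESHOLD = 0.10  # the 10% EPSS cut-off FIRST uses in its exploitability filter


@dataclass
class Advisory:
    cve_id: str               # placeholder id, not a real CVE
    cvss: float               # base severity score
    epss: float               # EPSS probability of exploitation in the next 30 days
    in_kev: bool              # listed in CISA's Known Exploited Vulnerabilities catalog
    disclosed: date           # advisory publication date
    patched: Optional[date]   # None means still unpatched in our estate


def is_actionable(a: Advisory, epss_threshold: float = EPSS_THRESHOLD) -> bool:
    """Exploitability-first filter: KEV membership or EPSS above the threshold."""
    return a.in_kev or a.epss > epss_threshold


def exposure_days(a: Advisory, today: date) -> int:
    """Days between advisory and patch; a still-open bug keeps counting up to today."""
    return ((a.patched or today) - a.disclosed).days


def triage(advisories: List[Advisory], today: date,
           epss_threshold: float = EPSS_THRESHOLD) -> List[Advisory]:
    """Actionable advisories, most urgent first: KEV, then EPSS, then longest exposure."""
    actionable = [a for a in advisories if is_actionable(a, epss_threshold)]
    actionable.sort(key=lambda a: (not a.in_kev, -a.epss, -exposure_days(a, today)))
    return actionable


def cvss_ranked(advisories: List[Advisory]) -> List[Advisory]:
    """The raw-severity ordering the article warns will drown a team."""
    return sorted(advisories, key=lambda a: -a.cvss)


# Constructed sample feed: ids, scores and dates are made up for illustration.
TODAY = date(2026, 7, 1)
SAMPLE = [
    Advisory("EXAMPLE-0001", 9.8, 0.02, False, date(2026, 6, 10), None),  # critical CVSS, rarely exploited
    Advisory("EXAMPLE-0002", 7.5, 0.35, False, date(2026, 6, 14), None),  # high EPSS, unpatched
    Advisory("EXAMPLE-0003", 6.1, 0.01, True, date(2026, 6, 20), None),   # in KEV despite medium CVSS
    Advisory("EXAMPLE-0004", 8.8, 0.04, False, date(2026, 6, 25), date(2026, 6, 28)),  # haystack
    Advisory("EXAMPLE-0005", 9.1, 0.12, False, date(2026, 6, 3), date(2026, 6, 30)),   # EPSS over 10%
]

if __name__ == "__main__":
    for a in triage(SAMPLE, TODAY):
        print(f"{a.cve_id} cvss={a.cvss} epss={a.epss:.2f} kev={a.in_kev} "
              f"exposure={exposure_days(a, TODAY)}d")
```

On this constructed feed, CVSS ranking puts EXAMPLE-0001 first while the exploitability filter drops it entirely and surfaces the KEV-listed medium-severity bug at the top.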
What to watch
- July's disclosure count. If it holds near June's level, 3.5x is the new baseline, and the ~66,000 full-year forecast starts looking conservative.
- The Glasswing backlog. Thousands of found-but-undisclosed vulnerabilities have to surface eventually. Watch for coordinated disclosure waves.
- Triage tooling. The bottleneck just moved from finding bugs to ranking and fixing them — that's where the next security budget line goes.
- Policy crossover. If Washington's release standards fold security capabilities into pre-launch review, discovery models become regulated artifacts themselves.
The bigger pattern: AI keeps compressing timelines that institutions assumed were fixed — in lab research, in agent labor, and now in the disclosure pipeline that underpins global software security. The organizations that adapt aren't the ones with the most alerts. They're the ones that know which alerts matter.
