In June 2026, major organizations published roughly 1,500 high- and critical-severity CVEs — more than 3.5 times the monthly record before Claude Mythos was released. Epoch AI’s data analysis tracks disclosures from AWS, Apache, Apple, Cisco, Google, Linux, Microsoft, Mozilla, NVIDIA, Oracle, Red Hat, Adobe, IBM, Intel, AMD, Qualcomm, Samsung, SAP, VMware, GitHub, and OpenSSL. The spike coincides with Anthropic’s April announcement that Claude Mythos Preview could autonomously discover software vulnerabilities, and that Project Glasswing partners — Microsoft, Google, Apple, AWS — had been using it to find bugs before the model went public.
🔍 THE BOTTOM LINE
AI can now find security vulnerabilities faster than humans can patch them. That’s not a speculative concern — it’s a 3.5x spike in real CVE data, with Anthropic’s own Project Glasswing claiming over 10,000 high- or critical-severity vulnerabilities found, many still undisclosed. The finding side is solved. The fixing side is not.
What the Data Shows
Epoch AI’s analysis covers CVE disclosures from 20 major organizations — the ones with consistent, publicly trackable reporting procedures. The June 2026 figure of ~1,500 high- and critical-severity CVEs is not a gradual increase. It’s a step function: 3.5x the previous monthly record, concentrated in the weeks following Claude Mythos Preview’s release.
The spike includes vulnerabilities found both through Project Glasswing’s coordinated disclosure pipeline and through independent security research that may have been accelerated by the broader availability of AI-assisted vulnerability discovery tools. OpenAI’s Daybreak product is running a similar program. The total count of undisclosed vulnerabilities sitting in Glasswing’s backlog is unknown, but Anthropic’s own figure — “over 10,000 high- or critical-severity vulnerabilities” — suggests the published CVEs are the tip.
The Finding-Fixing Gap
We covered this gap in May: Claude Mythos found over 10,000 vulnerabilities in its first month under Project Glasswing. Only 97 had been patched at the time. That ratio hasn’t improved meaningfully — the patching pipeline is human-limited, and AI discovery is scaling exponentially.
The structural problem is straightforward: finding a vulnerability is a single-agent task. Fixing it requires coordination between the vulnerability reporter, the project maintainer, the downstream integrator, and every deployment that depends on the affected library. The CVE disclosure itself is just the starting gun. The marathon — patching, testing, deploying — runs at human speed.
Why This Matters Now
The 3.5x spike means the vulnerability discovery curve has broken from its historical baseline. Before AI-assisted discovery, CVE disclosures grew roughly linearly — more software, more bugs, more disclosures. The step change suggests a phase transition: the marginal cost of finding a vulnerability has collapsed.
This creates a new risk profile. Unpatched high-severity CVEs are the low-hanging fruit for attackers. A 3.5x increase in disclosed vulnerabilities means a 3.5x increase in the window between “publicly known exploitable flaw” and “patched in production.” Threat actors don’t need AI to exploit these — they just need to read the CVE database.
The Glasswing Paradox
Project Glasswing is, by Anthropic’s own framing, a responsible disclosure program: find vulnerabilities, report them to vendors, give them time to patch before public disclosure. The problem is that “time to patch” hasn’t scaled with “time to find.” The initial Glasswing update acknowledges that many of the 10,000+ vulnerabilities have not been individually disclosed yet — they’re sitting in a queue, waiting for vendor coordination.
This creates an information asymmetry: Anthropic and its Glasswing partners know where thousands of unpatched critical vulnerabilities are. The vendors don’t, or are still processing them. The public doesn’t, until disclosure. In a world where AI can find these vulnerabilities, other AI systems — or other well-resourced actors — can find them too. The coordinated disclosure model assumes the good guys find it first. With 10,000+ vulnerabilities in the backlog, “first” is doing a lot of work.
The NZ Angle
New Zealand’s cybersecurity gap is well documented. A 3.5x spike in global CVE disclosures means NZ organizations are exposed to more known vulnerabilities they haven’t patched — not because they’re negligent, but because the volume outpaces patching capacity. The government’s Cyber Security Strategy doesn’t currently account for an AI-driven step change in vulnerability discovery. It should.
❓ FAQ
Is the 3.5x spike caused entirely by Claude Mythos?
Epoch AI notes the spike coincides with Mythos’s release and Glasswing’s activation. It’s likely a combination of direct Glasswing disclosures, independent research accelerated by AI tools, and increased industry attention to vulnerability discovery. The timing is correlated, but causation has not been isolated.
What happens to the 10,000+ undisclosed vulnerabilities?
They go through coordinated disclosure — Anthropic reports them to the affected vendors, who patch them, and then the CVE is published. The backlog is the concern: at current patching rates, some of these vulnerabilities may sit unpatched for months or years before disclosure.
Can the patching side be automated too?
Partially. AI-assisted patching exists, but it’s harder than discovery — a patch must be correct, compatible with existing code, tested across configurations, and merged by a human maintainer. The verification burden is higher than the discovery burden. This is the bottleneck.
Should organizations be worried?
If your threat model includes automated vulnerability scanning by adversaries — and it should — the 3.5x spike means your patching SLA needs to tighten. Known vulnerabilities with public CVEs are the easiest entry point. The gap between disclosure and patch is now the attack surface.
🔍 THE BOTTOM LINE
The AI vulnerability discovery era has arrived, and the data proves it. A 3.5x spike in serious CVEs isn’t a blip — it’s the new baseline. The crisis isn’t that AI can find bugs. It’s that the human patching pipeline hasn’t noticed the baseline moved.