Data Breach TodayArchived May 29, 2026✓ Full text saved
Severity and Reachability Metrics Also Essential for Mythos-Era Bug Mitigation If there's one thing artificial intelligence has done, it's multiply bugs, and the annual CVE Program count of new vulnerabilities is set to break records. Less apparent is how many of those AI-ferreted vulnerabilities can be turned into high-impact exploit chains - if they're exploitable at all.
Full text archived locally
✦ AI Summary· Claude Sonnet
AI-Powered SASE , Artificial Intelligence & Machine Learning , Governance & Risk Management
AI-Driven Bug Tsunami Prompts Exploitability Questions
Severity and Reachability Metrics Also Essential for Mythos-Era Bug Mitigation
Mathew J. Schwartz (euroinfosec) • May 29, 2026
Credit Eligible
Get Permission
Image: Shutterstock
If there's one thing artificial intelligence has done, it's multiply bugs. Commercial and open-source software giants report overwhelming surges of bug reports while the program that tracks flaws, Common Vulnerabilities and Exposures, is on course for a second record-busting year in a row.
See Also: Know Thy Enemy: Threats to Cyber Resilience
Less apparent is how many of those AI-ferreted vulnerabilities can be turned into high-impact exploit chains, or if they're exploitable at all.
Last year, 40,000 new CVEs got assigned, and this year the program will likely catalog 60,000 flaws, said Tod Beardsley, vice president of security research at exposure management platform runZero and a member of the CVE Board.
Year-on-year, many software suppliers' CVEs have surged: Chrome is up 563%, GitHub 476%, and the count for VMware, Apache, Mozilla, HPE and F5 each more than double, said Patrick Garrity, security researcher at vulnerability intelligence service VulnCheck.
But most CVEs don't pose a threat. Over the past two decades, Beardsley said fewer than 2% of all newly found CVEs have been exploitable, and fewer still lead to bad outcomes. "Maybe CVEs should only be assigned to CVEs that matter - if you could tell me the 2%, that would be great."
Many critical CVEs never get exploited. Network and endpoint telemetry collected by cybersecurity firm Proofpoint suggests only 12 CVEs assigned this year are so far being widely exploited. These exist in typical targets such as widely used edge devices from Cisco, Ivanti and Palo Alto Networks, plus Webpros cPanel, Microsoft Exchange Server and the Linux kernel.
One mitigating factor is that many widely used open-source software libraries have gotten so big that a new CVE won't affect every service that calls the vulnerable library. Not every service will call the vulnerable function, said Isaac Evans, CEO of Semgrep. In many cases, he said, any new CVE in an open-source library might affect 1% of the company's customer base, but only 1% of their products will use that functionality.
Severity, Exploitability, Reachability
Whether a bug is severe and when it's exploitable are crucial information. "But don't forget exploitability depends on reachability, and it differs for each code base - it depends on how you've actually architected that function in your code," said Jaya Baloo, COO and CISO of AI-native application security platform Aisle.
"Exploitability also begs the question: under which conditions, by whom, what are the other things you might need and is it exploitable in certain scenarios, like is it a chainable exploit?" Baloo said. A flaw that requires local admin access to exploit poses less risk than a vulnerability that can be remotely exploited by an unauthenticated attacker.
Having this information to hand is essential for identifying which vulnerabilities need to get patched first or otherwise mitigated, and how. Too often, these details are missing from the many AI-assisted bug reports being generated, software suppliers say.
"AI tools are great, but only if they actually help, rather than cause unnecessary pain and pointless make-believe work," said Linux creator Linus Torvalds in a recent post to the Linux kernel security mailing list.
Torvalds' remarks followed an "unmanageable" volume of low-quality bug reports hitting the list, many of them duplicates, due to AI-assisted researchers using the same large language models. In response, the latest guidelines urge Linux kernel security vulnerability hunters to only share details for "urgent bugs that grant an attacker a capability they are not supposed to have on a correctly configured production system, and can be easily exploited, representing an imminent threat to many users," together with a proof-of-concept exploit to prove it.
So do go bug bounty programs. Microsoft-owned GitHub's recently tweaked guidelines offer cash rewards for "a working proof of concept that demonstrates real exploitation and concrete security impact." The reward for less-severe bug reports that lead to a code or documentation fix is now "GitHub swag."
More of the Same
If there's one word to sum up worry about a new torrent of AI-spotted vulnerabilities, it would be Mythos. It's the Anthropic-made frontier model unveiled in a burst of publicity dubbing it too dangerous for release to the public.
Early reports from select IT infrastructure and cybersecurity companies that were granted access is that the model is very good at chaining together flaws, including low-severity bugs, into high-severity exploits. But Anthropic said May 22 that it's still too soon to reveal most of the flaws, serious or otherwise, Mythos users have found, "without putting end users at risk."
Seeking concrete evidence, VulnCheck's Garrity has been tracking newly disclosed CVEs that credit Anthropic's research team. Across the 88 CVEs he's counted so far, "we're not seeing a bunch of initial access vulnerabilities out of that dataset, where it's remote code execution," he said.
If there's no evidence yet that Mythos is fostering a glut of serious flaws, attackers' reliance on public flaws and well-worn tradecraft suggests the same. Despite the rise in the number of flaws being found, Proofpoint said attackers' MO largely remains: "grab the public PoC, adapt it to existing delivery infrastructure, target exposed attack surface opportunistically."
For defenders, the good news is that best practices for using layered defenses to arrest well-known attacker tactics, techniques and procedures still work, even as the potential volume of vulnerabilities being discovered continues to rise, experts say.
The same holds true for software suppliers, said Semgrep's Evans. "You don't achieve security by removing bugs. In fact, you achieve it by putting in these defense-in-depth layers, so that one bug is not resulting in an exploitable product, which is something that major software vendors have done a really good job of, historically."