Login Contact Us Book a Demo
The AI Vulnerability Storm · Detailed Report

The AI Vulnerability
Storm, Detailed

A briefing on where state of the art AI vulnerability discovery stands today, how it is evolving and what Sonatype recommends you do about it. ~60 AI-discovered CVEs are public to date; thousands more are announced and awaiting vendor patches

AI-discovered CVEs · Public
60–65
Vendor-credited AI attribution in advisory or CVE record
AI-discovered · Under Embargo
3,200+
Vendor-claimed, disclosure pending through Q3
Ratio · Embargoed ÷ Public
~53×
The structural gap now defining the landscape
Active AI Programs
8
AISLE, Anthropic, XBOW, Horizon3, OpenAI, RunSybil, ZeroPath, AIxCC
§ 00 · What this means for you
Your upstream suppliers — OSS projects, browsers, kernels, commercial vendors — are now being audited, at scale, by machines that do not sleep. Over the next two quarters, the rate at which fixes land in the components you depend on is going to change step-function.

State of the art · today

Four production-grade programs — AISLE, Anthropic (Claude Opus 4.6 → Mythos), XBOW, and OpenAI Codex Security[21] — are already shipping CVEs against OpenSSL, curl, Firefox, FreeBSD, the Linux kernel, Apache ActiveMQ and Microsoft cloud services. Time-to-exploit has collapsed to under a day. The volume of vulnerabilities being discovered is on track to overwhelm the industry's capacity to apply patches — remediation, not disclosure, is the real bottleneck.

How it is evolving

Anthropic's April Mythos Preview[13] claims thousands of findings with >99% still embargoed under SHA3-224 hash commitments, coordinated through Project Glasswing with roughly 40 early-access vendors. The first mandatory disclosures open July 7 and close around September 5, 2026. Mythos-class capability will proliferate to other frontier models within months, and open-weight models within a year[13] — this is the first wave, not the last.

What Sonatype recommends

Treat Q3 as a remediation surge, not business-as-usual. Control the ingress — every package entering the enterprise should pass a policy gate, no CVE required. Put real-time intelligence in front of every coding agent. Gate every build with SCA, SBOM, and release policy. The 90-day plan at the end of this report maps these moves to Firewall, Guide, and Lifecycle.

§ 00 · A note on terminology

What is a hash commitment?

When Anthropic says Mythos found "thousands of zero-days" but refuses to disclose them,[13] how does anyone verify the claim without the vulnerabilities leaking? The cryptographic answer is a hash commitment — also called a commitment scheme.

The researcher takes the full vulnerability report plus proof-of-concept exploit, runs it through a one-way hash function (Anthropic uses SHA3-224), and publishes only the resulting hash — a 56-character fingerprint that reveals nothing about the bug. Later, when the vendor has patched, the researcher publishes the original document. Anyone can re-run the hash and confirm it matches — proving the researcher knew about the vulnerability on the earlier date without tipping off attackers.

In practical terms, it's a sealed envelope: the hash is the wax seal, the PoC inside stays private until disclosure, and the cryptography guarantees the envelope can't be swapped.

Worked example SHA3-224
01
Vulnerability report + PoC (kept private)
FreeBSD svc_rpc_gss_validate() 304-byte
stack overflow via RPCSEC_GSS header…
[exploit code, ROP chain, etc.]
↓  SHA3-224
02
Public hash commitment (published Apr 7)
aab856123a5b9c47f2e8d1
90c4a7e5b381fe49a6d2c1
8e7f4a3b92
↓  90 + 45 days
03
Vendor patches, researcher reveals
CVE-2026-4747 · FreeBSD-SA-26:08
Hash verifies → original report confirmed
14
SHA3-224 hashes Anthropic published with Mythos launch
>99%
Of Mythos findings still under commitment, by Anthropic's own count
135 days
Max window from vendor report to mandatory disclosure (90 + 45)
Jul–Sep
When the first commitments from Apr 7 must be revealed
§ 01 The ground was already shifting CVE volume tripled before AI-discovery scaled

The baseline was already breaking

Before any AI program shipped a CVE, the public catalog was already buckling under sheer volume. CVE submissions to the National Vulnerability Database increased 263% between 2020 and 2025,[26] and Q1 2026 is running roughly one-third higher than Q1 2025. The AI-discovery surge documented in this report is additive — it is piling onto a system that was already losing ground.

The institution that scored them is retreating

On April 15, 2026, NIST announced that the NVD will no longer enrich every submitted CVE.[26] Going forward, only CVEs in CISA's KEV catalog, software used by the U.S. federal government, and EO 14028 critical software get analysis — everything else is marked Not Scheduled. NVD enriched ~42,000 CVEs in 2025 (a 45% productivity gain) and still couldn't keep up.

2020 → 2025 growth
+263%
NVD CVE submissions, 2020 to 2025 — per NIST's own announcement
Q1 2026 vs Q1 2025
+33%
Submissions in the first three months of 2026 versus same period last year
NVD enrichment scope · Apr 15
3 bands
KEV · U.S. federal software · EO 14028 critical — everything else: Not Scheduled
Monthly CVE submissions to the NVD · Jan 2020 — Mar 2026
Source: NVD dashboard · nvd.nist.gov
0 1,500 3,000 4,500 6,000 2023 · INFLECTION Monthly volume begins doubling 6,304 MAR 2026 · RECORD APR 15, 2026 NIST narrows NVD enrichment scope KEV + federal + EO 14028 2020 2021 2022 2023 2024 2025 2026
2020–2022 · baseline (~1,900/mo avg) 2023–2025 · inflection (~3,500/mo avg) Q1 2026 · record territory
What it means

The public, enriched CVE record is no longer the floor of your vulnerability intelligence — it is a narrowing slice. Most CVEs published after March 1, 2026 will land without a CVSS score, CPE list, or severity rating from NIST. You need an alternate enrichment pipeline (vendor advisories, OSS-native sources, Sonatype's research) and a way to triage the rising tide of AI-discovered findings before they ever reach your build.

§ 02 Monthly AI assisted disclosure velocity AI-discovered CVEs · public vs. embargoed
Confirmed · Public CVE Alleged · Hash-committed / claimed
Cumulative Curve · Scroll to reveal projected Mythos disclosures
Q1 actual · through Apr 22
3,500 1,500 500 100 0 APR 22 · TODAY JAN 1 JAN 31 FEB 28 MAR 31 APR 22 MAY 22 JUN 22 JUL 22 AUG 22 SEP 5 · DEADLINE 19 45 55 63 ~165 ~665 ~2,165 ~3,000 3,500+ JUL 7 90-DAY WINDOW OPENS AI-DISCOVERED CVES · PUBLIC PROJECTED · MANDATORY DISCLOSURE
↓ keep scrolling to reveal the forecast

The forecast shown is not a guess. It's a floor derived from Anthropic's own disclosure-window policy: 90 days from vendor report, with an optional 45-day extension, then mandatory publication. The first Mythos reports were filed April 7, 2026 — so the earliest mandatory disclosures begin July 7, 2026, and all commitments from launch day reach their final deadline by early September. If Anthropic's "thousands" claim is accurate at even the lower bound, the confirmed-CVE count must rise ~50× between now and then. If it doesn't, the claim was inflated.

§ 03 Severity distribution, by month Of public AI-discovered CVEs only
Critical · CVSS ≥ 9 High · CVSS 7 – 8.9 Moderate · CVSS 4 – 6.9 Low · CVSS < 4
§ 04 Attribution, by discoverer Monthly AI-discovered CVE output, ranked by public total
AISLE
Stanford · Stanislav Fort et al.
~26
+ ~150 claimed
19
Jan
4
Feb
3
Mar
Apr
OpenSSL 12-of-12,[1][5] curl 8.18.0,[2] libpng 1.6.54,[3] OpenEMR, WeKan, Mattermost, OpenSIPS.[4] Claims 180+ externally-validated CVEs across 30+ projects.[4]
Anthropic / Claude
Opus 4.6 → Mythos Preview
~31
+ ~3,000 claimed
Jan
22
Feb
7
Mar
5
Apr
Firefox MFSA 2026-13 (22),[6][7] MFSA 2026-20 (6),[8] MFSA 2026-30 (3 credited of 271 claimed),[14][15] CVE-2026-4747 FreeBSD NFS root RCE.[11][12] Over 99% of Mythos findings remain unpatched per Anthropic.[13]
XBOW
Autonomous pentesting
3
+ ~1,060 submitted
Jan
Feb
3
Mar
Apr
Microsoft March Patch Tuesday: CVE-2026-21536 (CVSS 9.8 Devices Pricing), CVE-2026-32194, CVE-2026-32191 (Bing RCE).[9][10] HackerOne #1 US leaderboard.[19][20]
Others
Horizon3, OpenAI, RunSybil, AIxCC
~2
+ ~10 OpenAI / ~10 AIxCC
Jan
Feb
Mar
2
Apr
Horizon3.ai · CVE-2026-34197 Apache ActiveMQ (13-yr RCE) · Apr 9.[16] OpenAI Codex Security claims 10 OSS CVEs but no month-specific disclosure.[21] Team Atlanta's ATLANTIS CRS found 10 unknown bugs across 8 OSS-Fuzz projects.[22][23]
Bobby Holley · Mozilla CTO · April 21, 2026
"This week's release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation… so far we've found no category or complexity of vulnerability that humans can find that this model can't. The defects are finite, and we are entering a world where we can finally find them all."[14]
The zero-days are numbered blog.mozilla.org · Apr 21, 2026
§ 05 Key events, chronologically Major disclosures & infrastructure shifts
Jan 07
AISLE credited with 5 CVEs in curl 8.18.0 release
curl.se [2]
Jan 27
AISLE discloses 12-of-12 OpenSSL vulns (CVSS 9.8 critical)
openssl.org [1]
Feb 24
MFSA 2026-13 · 22 Claude-credited Firefox CVEs
mozilla.org [6]
Mar 11
XBOW lands 3 Microsoft Patch Tuesday critical RCEs
microsoft.com [9]
Jan 12
CVE-2026-22695 libpng heap over-read, AISLE
libpng [3]
Feb 05
Anthropic publishes "500+ validated" zero-days paper
red.anthropic.com [17][18]
Mar 26
FreeBSD-SA-26:08 · CVE-2026-4747 NFS kernel RCE (Claude)
freebsd.org [11]
Mar 27
HackerOne pauses Internet Bug Bounty · AI-slop overwhelm
hackerone [19]
Apr 07
Project Glasswing · Mythos Preview · "thousands of 0-days"
anthropic.com [13][24]
Apr 21
MFSA 2026-30 · Firefox 150 ships with 271 Mythos-found bugs
mozilla.org [14]
§ 06
Evidence ledger
Every claim in this report, traceable to a primary source
55 Expand records Collapse
CVE / ID Date Discoverer Target Severity Finding Ref
AISLE · OpenSSL 12-of-12 Jan 27, 2026 · all 12 advisory-credited
CVE-2025-154672026-01-27AISLEOpenSSLCritical · 9.8Stack buffer overflow in CMS AuthEnvelopedData parsing; pre-auth potential RCE[1][5]
CVE-2025-694192026-01-27AISLEOpenSSLHighPKCS#12 character encoding memory corruption[27]
CVE-2025-694202026-01-27AISLEOpenSSLHighTimeStamp Response verification crash[28]
CVE-2025-694212026-01-27AISLEOpenSSLHighPKCS#12 decryption crash[29]
CVE-2026-227952026-01-27AISLEOpenSSLHighPKCS#12 parsing crash[30]
CVE-2025-111872026-01-27AISLEOpenSSLModeratePBMAC1 parameter validation flaw in PKCS#12[1]
CVE-2025-154682026-01-27AISLEOpenSSLLowCrash in QUIC protocol cipher handling[1]
CVE-2025-154692026-01-27AISLEOpenSSLLowSilent truncation affecting post-quantum signatures (ML-DSA)[1]
CVE-2025-661992026-01-27AISLEOpenSSLLowMemory exhaustion via TLS 1.3 certificate compression[1]
CVE-2025-681602026-01-27AISLEOpenSSLLowLine-buffering memory corruption (regression back to OpenSSL 1.0.2)[1]
CVE-2025-694182026-01-27AISLEOpenSSLLowEncryption flaw in OCB mode on hardware-accelerated paths[1]
CVE-2026-227962026-01-27AISLEOpenSSLLowCrash in PKCS#7 signature verification; code inherited from SSLeay c. 1998[1]
AISLE · curl 8.18.0 Jan 7, 2026 · 5 CVEs credited on daniel.haxx.se release notes
CVE-2025-115632026-01-07AISLEcurl / wcurlLow-Medwcurl flaw (reporter credit on curl.se)[2]
CVE-2025-130342026-01-07AISLEcurlLow-MedNo QUIC certificate pinning with GnuTLS[2]
CVE-2025-140172026-01-07AISLEcurlLow-MedBroken TLS options for threaded LDAPS[2]
CVE-2025-145242026-01-07AISLEcurlMediumBearer token leak on cross-protocol redirect[2]
CVE-2025-148192026-01-07AISLEcurlLow-MedOpenSSL partial chain store policy bypass[2]
AISLE · Other OSS targets Jan–Mar 2026
CVE-2026-226952026-01-12AISLElibpng 1.6.54MediumHeap over-read in png_image_read_direct_scaled[3]
CVE-2026-19642026-02-05AISLEWeKan ≤8.20MediumREST endpoint vulnerability[4]
CVE-2026-16292026-02AISLEMattermost 10.11.xMediumPermalink cache disclosure (MMSA-2026-00580)[4]
CVE-2026-249082026-02-25AISLEOpenEMRCritical · 10.0Critical flaw in OpenEMR[4]
CVE-2026-255542026-03-19AISLEOpenSIPSHighJWT SQL injection → authentication bypass (patch merged Feb 2)[4]
CVE-2026-333462026-03-19AISLEOpenEMRHigh · 8.7Stored XSS vulnerability[4]
Claude · Firefox / Thunderbird bulk disclosures Feb–Apr 2026 · Anthropic + Mozilla team
MFSA-2026-132026-02-24Claude Opus 4.6Firefox 148 / Thunderbird 14814H · 7M · 1L22 memory-safety and use-after-free CVEs; first bulk Claude-credited browser disclosure[6][7]
MFSA-2026-202026-03-24Claude Opus 4.6Firefox 149 / ESR 140.95M · 1L6 Claude-credited CVEs: CVE-2026-4702 / 4723 / 4724 / 4704 / 4705 / 4718[8]
MFSA-2026-302026-04-21Claude (Mythos)Firefox 150271 total271 vulnerabilities identified during initial Mythos evaluation; 40 numbered CVEs (10H/22M/11L), 3 individually Anthropic-credited[14][15]
CVE-2026-67462026-04-21Claude (Mythos)Firefox 150HighDOM Core & HTML use-after-free[14]
CVE-2026-67572026-04-21Claude (Mythos)Firefox 150ModerateJavaScript WebAssembly invalid pointer[14]
CVE-2026-67582026-04-21Claude (Mythos)Firefox 150ModerateJavaScript WebAssembly use-after-free[14]
XBOW · Microsoft Patch Tuesday & HackerOne submissions Mar 2026 · autonomous pentesting
CVE-2026-215362026-03-11XBOWMS Devices Pricing (cloud)Critical · 9.8Unauthenticated RCE via unrestricted file upload; no user interaction[9][10]
CVE-2026-321942026-03-11XBOWMicrosoft BingCriticalRCE with potential SYSTEM-level privileges[9]
CVE-2026-321912026-03-11XBOWMicrosoft BingCriticalRCE with potential SYSTEM-level privileges[9]
1,060 submissions2026-03-02XBOWHackerOne programs54C · 242H · 524M · 65LCumulative 1,060 HackerOne submissions over 90-day window[19][20]
Claude (Mythos Preview) · System software Mar–Apr 2026 · Anthropic Frontier Red Team
CVE-2026-47472026-03-26Claude (Mythos)FreeBSD NFS serverCritical17-year stack overflow in svc_rpc_gss_validate(); unauth remote kernel root; full ROP chain auto-generated[11][12]
OpenBSD-Errata-0252026-03-25Claude (Mythos)OpenBSD TCP SACKHigh27-year signed-integer overflow; 2-packet remote kernel crash; patched pre-disclosure[13]
FFmpeg 8.12026-04-07Claude (Mythos)FFmpeg H.264 parsingHigh16-year out-of-bounds write in H.264 slice table; survived 5M fuzzer iterations[13]
GHSA-v782-6fq4-q8272026-04-07Claude (Mythos)Randombit BotanMed-HighCertificate authentication bypass due to trust anchor confusion[25]
CVE-2026-314022026-04-10Claude Code / Opus 4.6Linux kernel NFSv4.0High23-year heap overflow in LOCK replay[13]
Mythos Linux LPEs2026-04-07Claude (Mythos)Linux kernelLocal PrivEscRace conditions + KASLR bypass chained into local privilege escalation (multiple unassigned CVEs)[13]
Mythos VMM2026-04-07Claude (Mythos)Unnamed memory-safe VMMCriticalGuest-to-host memory corruption (under SHA-3 commitment)[13]
Aggregate & programmatic claims Self-reported · bulk hash commitments
Mythos “thousands”2026-04-07Claude (Mythos)Every major OS / browserSHA-3 committedThousands of zero-days claimed; 14 SHA-3 hash commitments published; >99% remain unpatched; mandatory disclosure Jul–Sep 2026[13][24]
500+ zero-days paper2026-02-05Claude Opus 4.6Open-source projects500+ high-severityNamed examples: GhostScript gs_type1_blend, OpenSC strcat, CGIF LZW; no CVEs assigned[17][18]
AISLE 100+ / 180+2026-01 → 04AISLELinux, glibc, Chromium, WebKit, Samba, Apache, GnuTLS, OpenVPN, NASA CryptoLibMixed100+ externally-validated CVEs by late Jan; grew to 180+ by April[4]
OpenAI Codex Security2026-03-06Codex Security (ex-Aardvark)Open-source projectsMixed10 responsibly-disclosed OSS CVEs + contributions to 3,000+ critical/high fixes[21]
AIxCC Team Atlanta2026-02-09ATLANTIS CRSOSS-Fuzz projects10 · 3 high10 previously unknown bugs (3 high-severity) across 8 OSS-Fuzz projects via OSS-CRS port[22][23]
Third-party integrations AI-assisted, human-filed
CVE-2026-341972026-04-09Claude (via Horizon3.ai)Apache ActiveMQCritical13-year-old chained unauthenticated RCE; Naveen Sunkavally / Horizon3.ai[16]
55 primary records · curated from public advisories, vendor release notes, NVD, and research posts All 25 source URLs numbered in the reference block below
Sonatype · Mythos Readiness Plan

A 90-day plan, grounded in the data above.

If the curve holds, confirmed AI discovered CVEs must climb roughly fifty-fold between now and September to meet the claims already announced, and Mythos is only the first wave. The plan below is a practical starting point: what to stand up in the next 30, 60, and 90 days to keep pace with AI-speed discovery, using Sonatype Firewall, Guide, and Lifecycle as the control, intelligence, and automation layer across your agentic supply chain.

Nexus One Platform

Sonatype · SDLC Protection Layer · Live Simulation
malicious / policy-violating safe / approved
F
Sonatype Firewall
Perimeter & Ingress

Sits between the internet and your dev environment, automatically blocking malicious and policy-violating OSS packages the moment they're requested — before any code is written. No CVE required.

Product details →
G
Sonatype Guide
Developer & IDE Layer

Provides real-time policy and vulnerability intelligence at the moment of component selection. Keeps both developers and AI coding agents within approved boundaries — making the safe choice the default.

Product details →
L
Sonatype Lifecycle
CI/CD & Build Gate

Runs continuous SCA on every build and generates a signed SBOM for every artifact. Zero-exploit release gates prevent vulnerable components from advancing — closing the gap between AI-speed discovery and remediation.

Product details →
S
SBOM Manager
Inventory & Compliance

Stores, reconciles, and alerts on SBOM changes across internal builds and third-party vendors. Connects external threat intelligence to internal exposure — answering "are we affected?" before the board asks.

Product details →
Days 030
Prevent · See · Triage

Establish control and visibility — fast.

  • ControlRoute all OSS ingress through Sonatype Firewall; block malicious & policy-violating packages in <1 min, no CVE required
  • SeeGenerate SBOMs across internal and vendor code; identify crown-jewel apps and their critical dependencies
  • PrioritizeStand up emergency VulnOps triage; production-exposed OSS first; assign a named owner to every open finding
  • FixDeploy Sonatype Guide so coding agents get real-time policy & CVE guidance at the moment of decision
  • ProveBaseline coverage, exposure & open remediation; set a cadence that survives a multi-incident week
Days 3060
Own · Prioritize · Measure

Deepen intelligence, ownership, and response muscle.

  • ControlStandardize approved upstream sources by ecosystem; enforce IQ policies end-to-end across repos, registries, and MCP servers
  • SeePut Sonatype Lifecycle into CI/CD — SCA on every commit, SBOM on every build, zero-exploit release gates
  • PrioritizeRank by exploitability and business criticality; triage with AI agents so humans focus on what matters
  • FixRun parallel tracks — vendor, 1st-party, OSS; measure MTTR and fix adoption, weekly
  • ProveVendor escalation playbooks; tabletop simultaneous high-severity incidents; reserve capacity to prevent burnout
Days 6090
Automate · Scale · Prove

Automate, scale remediation, and report to the board.

  • ControlStandardize approved upgrade paths and component baselines across every ecosystem
  • SeeRecurring SBOM refresh and vendor attestation via SBOM Manager; connect external threat intel to internal exposure
  • PrioritizeDeliver a board-ready Mythos-readiness scorecard — cost of exploitation, blast radius, MTTR
  • FixAutomate safe upgrades via Golden PRs and pipeline promotion gates; let agents do the first pass, humans approve
  • ProveReport quarterly: coverage, exposure, remediation velocity — the three numbers the board needs to see
Talk to Sonatype Try Guide for Free
Firewall · Guide · Lifecycle · SBOM Manager
Methodology
Confirmed requires explicit AI attribution in the vendor advisory, CVE record, or authoritative disclosure post. Alleged includes SHA-3 hash commitments (Anthropic, 14 distinct commitments), vendor-reported aggregate counts (Anthropic "thousands", AISLE "180+", XBOW "1,060 submissions"), and vendor-patched-without-CVE findings. The Register's April 15 independent tally via Anchore found only CVE-2026-4747 could be "directly tied" to Glasswing at that date, versus Anthropic's "thousands" framing — reconcilable only via Anthropic's >99% embargo rate. Mandatory disclosure windows for hash-committed findings expire through July–September 2026.
References
26 primary & secondary sources · cited throughout
  1. AISLE Research · AISLE Discovered 12-of-12 OpenSSL Vulnerabilities. aisle.com/blog/aisle-discovered-12-out-of-12-openssl-vulnerabilities
  2. Daniel Stenberg · curl 8.18.0 release notes. daniel.haxx.se/blog/2026/01/07/curl-8-18-0
  3. AISLE · CVE-2026-22695 libpng buffer over-read. aisle.com/blog/aisle-discovers-cve-2026-22695-libpng-buffer-over-read
  4. AISLE · CVE Hub & Wall of Fame (OpenEMR, WeKan, Mattermost, OpenSIPS, 180+ CVE claim). aisle.com/cve-hub · aisle.com/blog/what-ai-security-research-looks-like-when-it-works
  5. Schneier on Security · AI Found Twelve New Vulnerabilities in OpenSSL. schneier.com/blog/archives/2026/02/ai-found-twelve-new-vulnerabilities-in-openssl.html
  6. Mozilla · MFSA 2026-13 Firefox 148 / Thunderbird 148 security advisory. mozilla.org/en-US/security/advisories/mfsa2026-13
  7. Anthropic · Mozilla Firefox Security announcement. anthropic.com/news/mozilla-firefox-security
  8. Cyber Security News · Firefox 149 Released / MFSA 2026-20. cybersecuritynews.com/firefox-149-released
  9. XBOW · Three RCE Vulnerabilities in Microsoft Identified by XBOW. xbow.com/blog/three-rce-vulnerabilities-in-microsoft-identified-xbow
  10. Krebs on Security · Microsoft Patch Tuesday, March 2026. krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition
  11. Penligent · CVE-2026-4747 FreeBSD RPCSEC_GSS Remote Code Execution. penligent.ai/hackinglabs/cve-2026-4747-freebsd-rpcsec_gss-remote-code-execution
  12. calif.io · Mad Bugs · Claude Wrote a Full FreeBSD Exploit. blog.calif.io/p/mad-bugs-claude-wrote-a-full-freebsd
  13. Anthropic Red Team · Mythos Preview · 14 SHA-3 commitments. red.anthropic.com/2026/mythos-preview
  14. Mozilla Blog · Firefox AI Security Zero-Day Vulnerabilities (MFSA 2026-30 / 271 bugs). blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities
  15. The Register · Mozilla Firefox Mythos Future Defenders (Apr 22, 2026). theregister.com/2026/04/22/mozilla_firefox_mythos_future_defenders
  16. Help Net Security · Apache ActiveMQ RCE Vulnerability CVE-2026-34197 (Claude / Horizon3.ai). helpnetsecurity.com/2026/04/09/apache-activemq-rce-vulnerability-cve-2026-34197-claude
  17. Anthropic Red Team · 500+ Validated Zero-Days paper. red.anthropic.com/2026/zero-days
  18. The Hacker News · Claude Opus 4.6 Finds 500 High-Severity Vulnerabilities. thehackernews.com/2026/02/claude-opus-46-finds-500-high-severity.html
  19. XBOW · We Ran 1,060 Autonomous Attacks. xbow.com/blog/we-ran-1060-autonomous-attacks
  20. XBOW · Top 1 · How XBOW Did It (HackerOne leaderboard). xbow.com/blog/top-1-how-xbow-did-it
  21. OpenAI · Introducing Aardvark / Codex Security. openai.com/index/introducing-aardvark
  22. arXiv · ATLANTIS CRS (Team Atlanta · Georgia Tech / Samsung). arxiv.org/pdf/2603.08566
  23. OpenSSF Podcast · What's in the SOSS, Ep. 52 · AIxCC Part 2: Team Atlanta. openssf.org/podcast/2026/02/09/aixcc-part-2
  24. Anthropic · Project Glasswing. anthropic.com/glasswing
  25. Randombit / GitHub Security Advisory · GHSA-v782-6fq4-q827 Botan trust anchor bypass. github.com/randombit/botan/security/advisories/GHSA-v782-6fq4-q827
  26. NIST · NIST Updates NVD Operations to Address Record CVE Growth. Apr 15, 2026. nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth
  27. Guide · CVE-2025-69419 Jan 28, 2026. guide.sonatype.com/vulnerability/CVE-2025-69419
  28. Guide · CVE-2025-69420 Jan 28, 2026. guide.sonatype.com/vulnerability/CVE-2025-69420
  29. Guide · CVE-2025-69421 Jan 28, 2026. guide.sonatype.com/vulnerability/CVE-2025-69421
  30. Guide · CVE-2026-22795 Jan 28, 2026. guide.sonatype.com/vulnerability/CVE-2026-22795