ACCORDING to the US Cybersecurity and Infrastructure Security Agency (CISA), AI companies such as OpenAI and Anthropic should play a bigger role in software vulnerability disclosures and be better represented in the Common Vulnerabilities and Exposures (CVE) programme. Lindsey Cerkovnik, chief of the Vulnerability Response & Coordination Branch at CISA, told VulnCon26 that the CVE programme has faced rapid growth in disclosed vulnerabilities and that AI platforms are likely to accelerate this trend.
The piece notes Anthropic’s Claude Mythos Preview, currently available to 40 Project Glasswing members, has reportedly found thousands of zero‑day vulnerabilities, including a 27‑year‑old OpenBSD flaw and a 16‑year‑old FFmpeg vulnerability, and it allegedly chained several Linux kernel flaws to escalate access. It also references testing by the UK’s AI Security Institute, and mentions OpenAI’s GPT‑5.4‑Cyber launched on 14 April 2026 for cybersecurity use cases.
The article further cites 327,000 CVE records to date, with 18,274 reported in 2026, a 27.9% rise year on year, and forecasts of 50,000 additional CVEs in 2026, plus a forecasted year‑end total of 70,135, alongside 502 CNAs registered by end March 2026.