AI Companies Urged to Enhance Role in CVE Program Amid Rising Vulnerabilities
Severity: Medium (Score: 51.9)
Sources: www.helpnetsecurity.com, github.com, blog.volerion.com, First, Infosecurity-Magazine
Summary
At VulnCon26, CISA's Lindsey Cerkovnik emphasized the need for AI companies like OpenAI and Anthropic to take a more active role in the Common Vulnerabilities and Exposures (CVE) program. The CVE program has seen a significant increase in reported vulnerabilities, with 18,274 reported in 2026 alone, marking a 27.9% rise from the previous year. Notably, Anthropic's new AI model, Claude Mythos Preview, has reportedly discovered thousands of zero-day vulnerabilities, including a 27-year-old vulnerability in OpenBSD and a 16-year-old vulnerability in FFmpeg. OpenAI also launched GPT-5.4-Cyber, tailored for cybersecurity applications. The event highlighted the accelerating pace of vulnerability disclosures, with forecasts suggesting an additional 50,000 CVEs may be reported in 2026. The conference gathered over 500 cybersecurity professionals to discuss advancements in vulnerability management and the impact of AI on security practices.
Key Points:
- CISA calls for greater involvement of AI companies in the CVE program.
- 2026 has seen a 27.9% increase in reported CVEs compared to 2025.
- Anthropic's Claude Mythos Preview has identified thousands of previously unknown vulnerabilities.
Key Entities
- Zero-day Exploit (attack_type)
- first.org (domain)
- volerion.com (domain)
- FFmpeg (tool)
- CVSS Calculator (tool)
- MISP (core Software) - Open Source Threat Intelligence And Sharing Platform (tool)
- Linux (platform)
- OpenBSD (platform)
- Open edX (platform)