Reported spike in high-severity vulnerability disclosures follows Anthropic’s cybersecurity model announcement
Epoch AI analysis links surge in June 2026 CVEs to increased bug discovery activity, but cautions correlation is not causation.
2 sources · single source
- A data analysis by Epoch AI reports a 3.5× increase in high- and critical-severity CVEs disclosed in June 2026 compared to prior records.
- The spike coincides with Anthropic’s April 2026 announcement that its Claude Mythos Preview model could autonomously discover software vulnerabilities.
- Epoch AI notes the increase may partly reflect heightened interest in vulnerability discovery rather than a direct causal effect.
- The analysis focuses on disclosures from 21 notable organizations, including Microsoft, Google, Apple, and AWS.
Epoch AI’s data insight reports that organizations disclosed approximately 1,300 high- and critical-severity Common Vulnerabilities and Exposures (CVEs) in June 2026, a figure roughly 3.5 times higher than the previous monthly record before Anthropic’s April 2026 announcement of Claude Mythos Preview.
The analysis centers on vulnerability disclosures from 21 notable organizations, including Microsoft, Google, Apple, Adobe, Oracle, Cisco, IBM, Red Hat, Intel, AMD, NVIDIA, Qualcomm, Samsung, SAP, Amazon (AWS), VMware (Broadcom), GitHub, Linux, Mozilla, Apache, and OpenSSL. Epoch AI excludes submissions from less reputable sources to avoid noise.
The report notes that Anthropic’s Project Glasswing, a collaborative effort involving partners such as Microsoft, Google, Apple, and AWS, claims to have identified over 10,000 high- or critical-severity vulnerabilities since its commencement, many of which have not been individually disclosed. OpenAI is also reported to be undertaking similar efforts with its Daybreak product.
Epoch AI emphasizes that its figures are based on publicly disclosed vulnerabilities and do not include discovered but undisclosed vulnerabilities. The analysis acknowledges that while increased feasibility of discovery due to AI tools may contribute to the spike, the rise in disclosures could also stem from heightened interest in bug discovery.
The data visualization and underlying CSV dataset are available for public use under a Creative Commons BY license, with the analysis authored by Luke Emberson and published on July 2, 2026.
- Jul 3, 2026 · Schneier on Security
Flock’s ‘Vehicle Fingerprint’ system enables law enforcement tracking without license plates
Trust74 - Jul 3, 2026 · arXiv cs.CL
BPE tokenization fragmentation enables character-level attacks that bypass LLM safety alignment
Trust79 - Jul 3, 2026 · arXiv cs.CL
Provenance-based framework reduces LLM agent misalignment errors by up to 96%
Trust79