Skip to content
Safety · Jul 5, 2026

Reported spike in high-severity vulnerability disclosures follows Anthropic’s cybersecurity model announcement

Epoch AI analysis links surge in June 2026 CVEs to increased bug discovery activity, but cautions correlation is not causation.

Trust68
HypeSome hype

2 sources · single source

ShareXLinkedInEmail
TL;DR
  • A data analysis by Epoch AI reports a 3.5× increase in high- and critical-severity CVEs disclosed in June 2026 compared to prior records.
  • The spike coincides with Anthropic’s April 2026 announcement that its Claude Mythos Preview model could autonomously discover software vulnerabilities.
  • Epoch AI notes the increase may partly reflect heightened interest in vulnerability discovery rather than a direct causal effect.
  • The analysis focuses on disclosures from 21 notable organizations, including Microsoft, Google, Apple, and AWS.

Epoch AI’s data insight reports that organizations disclosed approximately 1,300 high- and critical-severity Common Vulnerabilities and Exposures (CVEs) in June 2026, a figure roughly 3.5 times higher than the previous monthly record before Anthropic’s April 2026 announcement of Claude Mythos Preview.

The analysis centers on vulnerability disclosures from 21 notable organizations, including Microsoft, Google, Apple, Adobe, Oracle, Cisco, IBM, Red Hat, Intel, AMD, NVIDIA, Qualcomm, Samsung, SAP, Amazon (AWS), VMware (Broadcom), GitHub, Linux, Mozilla, Apache, and OpenSSL. Epoch AI excludes submissions from less reputable sources to avoid noise.

The report notes that Anthropic’s Project Glasswing, a collaborative effort involving partners such as Microsoft, Google, Apple, and AWS, claims to have identified over 10,000 high- or critical-severity vulnerabilities since its commencement, many of which have not been individually disclosed. OpenAI is also reported to be undertaking similar efforts with its Daybreak product.

Epoch AI emphasizes that its figures are based on publicly disclosed vulnerabilities and do not include discovered but undisclosed vulnerabilities. The analysis acknowledges that while increased feasibility of discovery due to AI tools may contribute to the spike, the rise in disclosures could also stem from heightened interest in bug discovery.

The data visualization and underlying CSV dataset are available for public use under a Creative Commons BY license, with the analysis authored by Luke Emberson and published on July 2, 2026.

Sources
  1. 01Epoch AIDisclosure of serious cyber vulnerabilities spiked around the release of Claude Mythos Preview
  2. 02Hacker News — AINew serious vulnerabilities spiked around release of Claude Mythos Preview
Also on Safety

Stories may contain errors. Dispatch is assembled with AI assistance and curated by human editors; despite the trust-score filter, mistakes happen. We correct publicly — every article links to its revision history. Nothing here is financial, legal, or medical advice. Verify before relying on any claim.

© 2026 Dispatch. No ads. No sponsorships. No paid placement. Reader-supported via Ko-fi.

Built by a person who cares about honest AI news.