CISA Advocates for AI Company Integration into CVE Program Amid Record Vulnerability Growth

1 unique source, 1 article

Summary

CISA’s Chief of the Vulnerability Response & Coordination (VRC) Branch, Lindsey Cerkovnik, emphasized the need for AI companies such as OpenAI and Anthropic to play a more formal role in the Common Vulnerabilities and Exposures (CVE) program during VulnCon26. The call follows rapid growth in vulnerability disclosures, with 2026 projections ranging from 50,000 to 70,135 CVEs—a 45.6% increase from 2025—driven in part by AI-driven discovery tools. New AI models like Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.4-Cyber have demonstrated capabilities to autonomously identify critical zero-day vulnerabilities, including a 27-year-old flaw in OpenBSD and a 16-year-old flaw in FFmpeg, as well as chains of vulnerabilities in the Linux kernel enabling privilege escalation. CISA’s push aligns with a broader diversification strategy for the CVE program, including the establishment of new working groups and a goal to expand the roster of CVE Numbering Authorities (CNAs).

Timeline

  1. 15.04.2026 13:30 · 1 article

    CISA Urges AI Company Integration into CVE Program as AI-Driven Discovery Accelerates Vulnerability Reporting

    CISA’s Chief of the Vulnerability Response & Coordination Branch called for AI companies like OpenAI and Anthropic to formally join the CVE program, citing AI models’ emerging role in discovering high-impact vulnerabilities. New AI tools such as Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.4-Cyber have demonstrated autonomous identification of zero-days and chained exploits in critical infrastructure components, including OpenBSD and the Linux kernel. This development occurs amid record-breaking CVE reporting growth, with 2026 projections exceeding 50,000 CVEs—a trend attributed to both traditional reporting and AI-assisted discovery methods.


Information Snippets

  • CISA’s VRC Branch Chief Lindsey Cerkovnik stated that AI companies should be better represented in the MITRE-run CVE program during VulnCon26 on April 14, 2026.

    First reported: 15.04.2026 13:30
    1 source, 1 article
  • Anthropic’s Claude Mythos Preview, currently available to 40 members of Project Glasswing, allegedly discovered thousands of zero-day vulnerabilities, including a 27-year-old OpenBSD vulnerability and a 16-year-old FFmpeg vulnerability.

    First reported: 15.04.2026 13:30
    1 source, 1 article
  • Claude Mythos Preview autonomously chained vulnerabilities in the Linux kernel to achieve privilege escalation from user-level access to full system control in testing environments.

    First reported: 15.04.2026 13:30
    1 source, 1 article
  • OpenAI released GPT-5.4-Cyber, a cybersecurity-focused variant of GPT-5.4, exclusively to members of its 'Trusted Access for Cyber Defense' program.

    First reported: 15.04.2026 13:30
    1 source, 1 article
  • The CVE program recorded 18,247 CVEs in 2026 through mid-April, a 27.9% increase from the same period in 2025, with an average of 174 CVEs reported daily compared to 132 in 2025.

    First reported: 15.04.2026 13:30
    1 source, 1 article
  • FIRST projected 50,000 additional CVEs in 2026, while Cisco’s Jerry Gamblin forecasted up to 70,135 CVEs, representing a 45.6% growth from 2025’s 48,171 CVEs.

    First reported: 15.04.2026 13:30
    1 source, 1 article
  • As of March 2026, the CVE program has 502 registered CVE Numbering Authorities (CNAs), surpassing the 500 contributor milestone.

    First reported: 15.04.2026 13:30
    1 source, 1 article