The 2026 Vulnerability Forecast Update: Navigating the AI Epoch
By FIRST Forecasting team: Jerry Gamblin and Eireann Leverett
Prepared for FIRSTCON 2026
Friday, May 22, 2026
Introduction: A Structural Shift in the Vulnerability Landscape
The cumulative drift is currently +46.3% above the original forecast (an excess of 6,420 CVEs), leading to a revised 2026 projection of ~68K CVEs. There were many questions earlier this year when we produced prediction intervals as wide as 100k. Still, an important feature of a forecast is that it encompasses unlikely but realistically possible outcomes. AI-assisted discovery has increased the chances that we see what many people would consider an extreme number of vulnerabilities this year, and we take such things into account when producing the strategic forecast.
As we look toward the second half of 2026, the vulnerability coordination domain is undergoing an unprecedented transformation. With the recent deployments of highly autonomous AI discovery tools, such as Anthropic’s Mythos (a specialized, unreleased agent in the Claude family) and OpenAI’s GPT-5.4-Cyber, the volume of identified software flaws has accelerated massively. However, as we will explore in this mid-year update, a spike in raw discovery volume does not equate to an unmanageable security crisis. In sharp contrast, there is evidence that version cadences are remaining static amongst the rising tide of new CVEs. This is clearly visible in the lower graph, where the interval per product release is slightly increasing. In other words, we think more CVEs are being shipped with each version update, but the version updates remain the same cadence.
We thus advocate for calm growth in your vulnerability exposure management teams and processes, rather than a panic-driven narrative. Prepare to double the work you do if you maintain software, but we actually expect the work you do patching live systems to remain steady, at least through the end of 2026.
The growth we see in CVE volumes is often attributed to more eyes, more bug bounties, and more AI-generated results. However, we think this ignores the growth of Open Source projects receiving attention for the first time, as well as the raw growth of software worldwide. As we can see below, this is a significant factor in CVE growth, not mentioned elsewhere.
Part 1: The 'Epochal' Shift and the Discovery Surge
Historically, the FIRST vulnerability forecast relied on time-series models to predict the organic growth of CVEs. The 2017 structural change in CVE data represented a major shift, and we carefully chose models to either avoid or accept it. That internal history is relevant today because everyone believes we are going through another transformational period. Forecasters have to make important choices about when and where to switch tools.
2026 has introduced an entirely new paradigm: the capability-triggered model.
- The AI Discovery Era: We are currently witnessing the first major wave of AI-assisted bug hunting. For instance, there was a 164 % spike in Q1 disclosures at Mozilla, directly attributable to Anthropic's Project Glasswing, which uses the unreleased Mythos Preview agent and Claude Opus 4.6 to autonomously find legacy bugs within the Firefox engine. As detailed in the recent report "Behind the Scenes Hardening Firefox with Claude Mythos Preview" by Mozilla's Brian Grinstead, Christian Holler, and Frederik Braun, the team built an agentic harness on top of their fuzzing infrastructure to successfully identify and fix 271 bugs for the Firefox 150 release. This activity clarifies the relationship between the more general "Claude models" and the specialized "Mythos" agent mentioned throughout this forecast.
- Structural Volume Drivers: Beyond AI, structural expansions are inflating the numbers. Specifically, GitHub Security Advisories (GHSA) volume is up 449% YoY due to an expanded curation team and CVE ID backfill campaign, and VulnCheck is up 3,119% YoY as a CNA of Last Resort absorbing the unassigned backlog. These expansions have dramatically increased aggregate volume. Growth in software will also naturally drive growth in CVEs, but we are still learning how to distinguish between the two.
- The Real Bottleneck: In an era where AI can find significantly more flaws than human analysts, the constraint is no longer discovery; it is the human capacity to verify, coordinate, and patch. We also believe a crucial bottleneck will be in writing detection signatures for exploitation. The issue often comes down to the difference between identification and true risk detection.
Part 2: The Exploitability Overlay (Rain vs. Floods)
If we look only at the total volume of vulnerabilities, the forecast appears daunting. However, applying an "exploitability overlay" reveals a much more actionable reality. We refer to this as the "Rain vs. Flood" analogy.
- Heavy Rainfall (Total Volume): The aggregate number of CVEs and disclosures is surging due to AI discovery and broader cataloging.
- Stable Flood Lines (Actionable Risk): When filtering the massive volume surge for actual exploitability—specifically vulnerabilities present in the CISA KEV (Known Exploited Vulnerabilities) catalog or possessing an EPSS (Exploit Prediction Scoring System) score above 10%—the actionable patching burden remains completely flat. This 10% threshold is chosen to align with organizational risk appetites, targeting the highest-leverage, smallest subset of vulnerabilities for immediate action.
The critical takeaway for defenders in 2026 is that, while total rainfall is up significantly, the actual flooding risk has not changed. The challenge lies entirely in separating the patchable signal from the unpatchable noise.
| Metric |
Trend (1H 2026) |
Driver |
| Total reported disclosures (Volume) |
Massive Increase |
AI Bug Hunting (Mythos/Claude) & Structural CNA Expansion |
| Actionable Exploitability (EPSS >10% / KEV) |
Flat / Stable |
Structural complexity of reliable exploit development vs. legacy bugs. |
As adversarial capabilities expand, so do defensive mechanisms. The release of specialized defensive AI models, such as OpenAI's GPT-5.4-Cyber for "Trusted Access," provides a counterbalance to the rapid generation of exploits.
- Poachers Turning Gamekeepers: Historical data strongly suggests that offensive capabilities are rapidly adapted for defensive purposes. Defensive AI offers the potential to severely compress the Mean Time To Remediate (MTTR).
- The Race: The defining security dynamic of late 2026 will not just be AI finding bugs, but the race between AI-accelerated exploit development and AI-accelerated automated patching generation, or AI-assisted exploitation signature creation.
This is a crucial time for software maintainers to lean into automated tooling to find and remediate within their remit. That advantage may not last long, and so should be seized. Vulnerabilities are becoming easier to find, so more work can be done on verifying and applying learning constructively in the secure software development lifecycle. We could be eliminating entire classes of CWE rather than continuing the death-by-a-thousand-cuts approach.
Part 4: Ephemeral Software and Micro-Vulnerabilities
Traditional vulnerability forecasting focuses heavily on vendor and product breakdowns. However, 2026 demands that we account for "ephemeral instant software"—code generated and deployed on demand by AI assistants.
- The Shadow Registry: These AI-generated, bespoke applications often contain flaws that will never be reported to a traditional CVE registry.
- Systemic Risk: While these "micro-vulnerabilities" are not tracked in aggregate national databases, they pose a significant localized systemic risk that modern vulnerability management programs must learn to catalog and assess dynamically.
To address this, vulnerability programs must evolve toward dynamic cataloging, using AI-BOMs (Bills of Materials) and runtime monitors to detect, inventory, and continuously assess these ephemeral components as they are deployed.
Conclusion: Analysts are Humans (For Now)
The foundational constraint of the Coordinated Vulnerability Disclosure (CVD) ecosystem is human capacity. The NVD team takes vacations. Security analysts get sick. When we see a drop in published vulnerabilities or a delay in processing, we are often seeing reduced human headcount rather than a safer internet.
We believe that those of you managing assets should advocate for a budget not based on CVE growth, but rather on software growth. This is evident in the graphs below, which show that the number of distinct CPE or software products with vulnerabilities has grown by two orders of magnitude. It is the growth in the asset register's diversity, not the growth of CVEs, that is driving heavy workloads.
On the other hand, if you work for a software company, the growth in CVEs is directly relevant to your workload and release cycles. You simply must learn to ship more patches per security release.
As we navigate the AI Epoch, our defense strategies must pivot away from merely tracking the total volume of flaws. We must rely on exploitability overlays, contextual asset mapping, and defensive AI tools to ensure our human analysts focus only on the water threatening to flood the house.
Full Data and Methodology
The full methodology of this forecast, live data reports, and the Python scripts (cve_forecast_halftime.py and exploitability_overlay.py) used to generate these models are available in the companion GitHub repository: https://github.com/jgamblin/FirstForecast
The historical yearly forecast was written with a SARIMAX model, and in the mid-year cycle we switched to examining monthly forecasts with the monthly forecast code above. We discussed both, and made some judgements, and we think the monthly data shows different interesting stories that allows for better strategic decision making.
That yearly model can be found here: https://github.com/FIRSTdotorg/Vuln4Cast
