Asset trends
Where do vulnerabilities land — by vendor, by product class?
Vendor and product taxonomy derived from CPE strings on each CVE. Customer asset coverage (per-portfolio CVE matches) is reserved for when the auth-service inventory feed is plumbed in.
Last updated: 2026-05-19 11:30 UTC
Vendor cohorts — monthly CVE volumeAI
→ Three cohorts:
Glasswing (11 known) — the Project Glasswing
participants we have publicly confirmed. Unknown
— CVE-issuing organisations represented at the AI Vulnerability
Storm paper review. Known or assumed not Glasswing
— Barracuda, F5, Fedora, Fortinet, SAP, Siemens, and Trellix,
plus every other CVE-issuing vendor. Dashed line at 2026-04-13
marks the Mythos paper publication. Y-axis log.
Per-vendor sparklines — monthly CVE counts
→ One sparkline per named vendor. Purple = Glasswing,
cyan = Unknown, gray = Not Glasswing (named). Hover for monthly
counts.
Top-15 vendors by KEV adds (quarterly)
→ Stacked-bar quarterly view of the top-15 vendors by total
KEV-listing volume. Highlights which vendor classes attract
repeated confirmed-exploited entries — managed file transfer
and VPN/edge-appliance vendors dominate the right half. Same data
as the article’s actor-drift map but vendor-summary rather
than per-CVE detail.
Reserved — Customer asset coverage
The auth-service’s “My Environment” feature already maps user-uploaded CPEs to active CVEs. When we surface aggregate (anonymised) statistics — which vendors appear most in user portfolios, average CVE exposure per portfolio — this slot becomes a real chart.
Active anomalies — Asset lensAI
→ Auto-detected each daily run. Vendor-velocity shifts and
cohort changes. Resolves when the metric stops triggering.
No active anomalies in this lens.