Cyber Resilience

Vulnerability trends

How is the CVE corpus changing over time?

All charts here derive from the CVE corpus our pipeline ingests (NVD + EPSS + per-CVE annotations). These are vulnerability-side signals — what is published, when, with what severity. Real-world exploitation lives in the Threat trends page.

Last updated: 2026-07-04 00:54 UTC

CVE publication volume — weekly

→ All CVEs published per week since 2024-01, with AI-related CVEs (purple) overlaid. Lines hover for exact counts.

Top weaknesses (CWE) — rank shift across years

→ The top-15 CWEs in each of 2024, 2025, and 2026 YTD by rank. Lines crossing means a CWE moved up or down the prevalence ladder. Hover for exact CVE counts.

CVSS distribution by quarter

→ Box plot of CVSS base scores per publication quarter. Box spans the interquartile range; the line inside is the median. Outliers shown as dots. Use this to spot whether the median CVE is getting more or less severe.

Exploit pressure of the CVE corpus

→ For each month, the sum of EPSS scores across all CVEs published that month. Combined volume × exploit-probability. A rising curve means new vulnerabilities are getting more exploitable on average. (This is a property of the CVE corpus, not observed exploitation activity.)

Substantively-modified CVEs — weekly

→ CVEs whose NVD record was updated at least 7 days after initial publication, bucketed by the week of modification. Filters out the small within-week post-publish corrections; what remains is the substantive re-touch signal — CPE additions, CVSS rescoring, description refinement, KEV-linked tweaks. Same threshold as the “Updated” badge on CVE detail pages (example).

Product categories compared — eight metrics side by side

→ A small-multiples view of how the seven product categories (Microsoft / macOS / Linux / Mobile / Network / Application / Other) stack up across eight posture metrics: annual CVE volume (2024 and 2025), KEV share, the mean EPSS of each category’s top-decile CVEs, AI-related share, ransomware-linked KEV share, open-source share, and mean CVSS. Each panel rescales independently so the ranking within a metric is visible even when totals differ by orders of magnitude. Multi-label CVEs (e.g. Microsoft Office for Mac) count toward every category they touch — same semantics as the per-CVE pill on detail pages.

Severity impact of LLM-assisted vulnerability discoveryAI

→ Are vulnerabilities found with help from large language models more or less severe than other vulnerabilities? Two views below. Section A uses direct attribution: CVEs that explicitly credit Claude / Anthropic / Project Glasswing / GPT / Gemini / Grok / Llama / Copilot / Mistral / DeepSeek / etc. in NVD descriptions, vendor advisories, or our manual override list. Section B uses the Glasswing-cohort × time-window proxy (broader signal but causally weaker).

Section A — Direct attribution (high-confidence, narrow)

396 CVEs detected with explicit LLM-discovery credit.

By LLM family: Anthropic: 250, Openai: 153, Google: 1.
Specific models cited (top 8): Claude (153), OpenAI (151), Anthropic (71), GPT5 (2), Claude Opus 4.6 (2), Claude Code (1), Project Glasswing (1), Gemini Pro (1).

MetricMythos-credited (n / mean)All other CVEs (n / mean)Difference95% CIp (Holm)Hedges’ g / RD
CVSS base396 / 7.7665,267 / 6.75+1.014[+0.846, +1.180]3.8e-33+0.597
EPSS396 / 0.005365,267 / 0.0074-0.002[-0.004, +0.002]1-0.048
KEV-listing rate396 / 0.0%65,267 / 0.3%-0.003[-0.004, -0.003]1-0.003
Risk Priority396 / 52.9265,267 / 45.43+7.491[+6.129, +8.837]1.2e-28+0.534

Section B — Cohort × time-window DiD

MetricTreated pre (n / mean)Treated post (n / mean)Control pre (n / mean)Control post (n / mean)DiD95% CIp (Holm)Hedges’ g / RD
CVSS base8,028 / 6.494,105 / 6.9640,258 / 6.7413,272 / 6.92+0.286[+0.218, +0.355]1.9e-57+0.309
EPSS8,028 / 0.00684,105 / 0.005140,258 / 0.008413,272 / 0.0051+0.002[-0.000, +0.003]0.47-0.038
KEV-listing rate8,028 / 0.9%4,105 / 0.4%40,258 / 0.3%13,272 / 0.2%-0.004[-0.007, -0.001]0.0074-0.005
Risk Priority8,028 / 43.984,105 / 46.8240,258 / 45.2513,272 / 46.64+1.448[+0.890, +2.002]1.4e-37+0.223

Distribution split — cohort × period

Per-vendor: more vulns AND more severe?

Robustness — matched 3-week pre/post window

MetricTreated pre (n / mean)Treated post (n / mean)Control pre (n / mean)Control post (n / mean)DiD95% CIp (Holm)Hedges’ g / RD
CVSS base602 / 6.57771 / 7.033,877 / 6.952,819 / 6.68+0.726[+0.543, +0.912]1.6e-08+0.304
EPSS602 / 0.0027771 / 0.00643,877 / 0.00712,819 / 0.0058+0.005[+0.002, +0.009]0.32+0.104
KEV-listing rate602 / 0.3%771 / 0.5%3,877 / 0.2%2,819 / 0.0%+0.003[-0.004, +0.010]0.7+0.002
Risk Priority602 / 44.19771 / 48.243,877 / 46.712,819 / 44.62+6.150[+4.659, +7.653]1.6e-09+0.331

Parallel-trends check (pre-paper)

Active anomalies — Vulnerability lensAI

→ Auto-detected each daily run. Year-over-year deltas on vulnerability-side metrics (CWE shifts, severity, EPSS pressure) cross threshold → card appears. Resolves when the metric stops triggering.
Weakness shift 55%

CWE-125 rising 55% YoY: 830 CVEs in H1 2026 vs 534 in H1 2025

view details › first detected 2026-06-30
Technique shift 88%

ATT&CK T1105 rising 88% YoY: 171 CVE-associations in H1 2026 vs 91 in H1 2025

view details › first detected 2026-06-28
Weakness shift 29%

CWE-119 rising 29% YoY: 754 CVEs in H1 2026 vs 585 in H1 2025

view details › first detected 2026-06-23
Weakness shift 97%

CWE-284 rising 97% YoY: 882 CVEs in H1 2026 vs 448 in H1 2025

view details › first detected 2026-06-23
Weakness shift 84%

CWE-190 rising 84% YoY: 322 CVEs in H1 2026 vs 175 in H1 2025

view details › first detected 2026-06-23
Weakness shift 61%

CWE-601 rising 61% YoY: 203 CVEs in H1 2026 vs 126 in H1 2025

view details › first detected 2026-06-23
Weakness shift 77%

CWE-94 rising 77% YoY: 575 CVEs in H1 2026 vs 325 in H1 2025

view details › first detected 2026-06-15
Weakness shift 70%

CWE-200 rising 70% YoY: 649 CVEs in H1 2026 vs 381 in H1 2025

view details › first detected 2026-06-13
Weakness shift 106%

CWE-416 rising 106% YoY: 1,214 CVEs in H1 2026 vs 590 in H1 2025

view details › first detected 2026-06-09
Technique shift 117%

ATT&CK T1212 rising 117% YoY: 165 CVE-associations in H1 2026 vs 76 in H1 2025

view details › first detected 2026-06-02
Technique shift 101%

ATT&CK T1070.004 rising 101% YoY: 139 CVE-associations in H1 2026 vs 69 in H1 2025

view details › first detected 2026-06-01
Weakness shift 113%

CWE-770 rising 113% YoY: 470 CVEs in H1 2026 vs 221 in H1 2025

view details › first detected 2026-05-28
Weakness shift 64%

CWE-77 rising 65% YoY: 566 CVEs in H1 2026 vs 344 in H1 2025

view details › first detected 2026-05-27
Technique shift 101%

ATT&CK T1098 rising 101% YoY: 177 CVE-associations in H1 2026 vs 88 in H1 2025

view details › first detected 2026-05-27
Weakness shift 120%

CWE-400 rising 120% YoY: 476 CVEs in H1 2026 vs 216 in H1 2025

view details › first detected 2026-05-26
Weakness shift 108%

CWE-287 rising 108% YoY: 369 CVEs in H1 2026 vs 177 in H1 2025

view details › first detected 2026-05-26
Technique shift 100%

ATT&CK T1565.001 rising 100% YoY: 310 CVE-associations in H1 2026 vs 155 in H1 2025

view details › first detected 2026-05-24
Technique shift 118%

ATT&CK T1083 rising 118% YoY: 168 CVE-associations in H1 2026 vs 77 in H1 2025

view details › first detected 2026-05-24
Weakness shift 117%

CWE-269 rising 117% YoY: 330 CVEs in H1 2026 vs 152 in H1 2025

view details › first detected 2026-05-17
Technique shift 254%

ATT&CK T1552.001 rising 254% YoY: 418 CVE-associations in H1 2026 vs 118 in H1 2025

view details › first detected 2026-05-12
Technique shift 406%

ATT&CK T1557 rising 406% YoY: 263 CVE-associations in H1 2026 vs 52 in H1 2025

view details › first detected 2026-05-12
Technique shift 321%

ATT&CK T1078 rising 321% YoY: 278 CVE-associations in H1 2026 vs 66 in H1 2025

view details › first detected 2026-05-12
Technique shift 619%

ATT&CK T1552 rising 619% YoY: 424 CVE-associations in H1 2026 vs 59 in H1 2025

view details › first detected 2026-05-12
Technique shift 266%

ATT&CK T1046 rising 266% YoY: 194 CVE-associations in H1 2026 vs 53 in H1 2025

view details › first detected 2026-05-12
Technique shift 114%

ATT&CK T1505.003 rising 114% YoY: 519 CVE-associations in H1 2026 vs 242 in H1 2025

view details › first detected 2026-05-08
Technique shift 219%

ATT&CK T1190 rising 219% YoY: 15,442 CVE-associations in H1 2026 vs 4,842 in H1 2025

view details › first detected 2026-05-08
Technique shift 115%

ATT&CK T1210 rising 115% YoY: 437 CVE-associations in H1 2026 vs 203 in H1 2025

view details › first detected 2026-05-08
Technique shift 71%

ATT&CK T1059.008 rising 71% YoY: 128 CVE-associations in H1 2026 vs 75 in H1 2025

view details › first detected 2026-05-08
Technique shift 327%

ATT&CK T1068 rising 327% YoY: 4,928 CVE-associations in H1 2026 vs 1,155 in H1 2025

view details › first detected 2026-05-06
Technique shift 431%

ATT&CK T1499.004 rising 431% YoY: 3,504 CVE-associations in H1 2026 vs 660 in H1 2025

view details › first detected 2026-05-06
Technique shift 349%

ATT&CK T1005 rising 349% YoY: 1,463 CVE-associations in H1 2026 vs 326 in H1 2025

view details › first detected 2026-05-06
Technique shift 346%

ATT&CK T1204.002 rising 346% YoY: 865 CVE-associations in H1 2026 vs 194 in H1 2025

view details › first detected 2026-05-06
Technique shift 218%

ATT&CK T1485 rising 218% YoY: 213 CVE-associations in H1 2026 vs 67 in H1 2025

view details › first detected 2026-05-06
Technique shift 119%

ATT&CK T1566.002 rising 119% YoY: 320 CVE-associations in H1 2026 vs 146 in H1 2025

view details › first detected 2026-05-06
Weakness shift 53%

CWE-862 rising 53% YoY: 1,732 CVEs in H1 2026 vs 1,133 in H1 2025

view details › first detected 2026-05-06
Weakness shift 142%

CWE-22 rising 142% YoY: 1,358 CVEs in H1 2026 vs 562 in H1 2025

view details › first detected 2026-05-06
Weakness shift 154%

CWE-78 rising 154% YoY: 802 CVEs in H1 2026 vs 316 in H1 2025

view details › first detected 2026-05-06
Weakness shift 188%

CWE-918 rising 188% YoY: 788 CVEs in H1 2026 vs 274 in H1 2025

view details › first detected 2026-05-06
Weakness shift 220%

CWE-20 rising 220% YoY: 977 CVEs in H1 2026 vs 305 in H1 2025

view details › first detected 2026-05-06
Weakness shift 102%

CWE-98 rising 102% YoY: 507 CVEs in H1 2026 vs 251 in H1 2025

view details › first detected 2026-05-06
Weakness shift 54%

CWE-352 falling 54% YoY: 596 CVEs in H1 2026 vs 1,305 in H1 2025

view details › first detected 2026-05-06
Weakness shift 102%

CWE-863 rising 102% YoY: 586 CVEs in H1 2026 vs 290 in H1 2025

view details › first detected 2026-05-06
Weakness shift 245%

CWE-639 rising 245% YoY: 579 CVEs in H1 2026 vs 168 in H1 2025

view details › first detected 2026-05-06
Weakness shift 155%

CWE-121 rising 155% YoY: 456 CVEs in H1 2026 vs 179 in H1 2025

view details › first detected 2026-05-06
Weakness shift 34%

CWE-476 falling 34% YoY: 567 CVEs in H1 2026 vs 860 in H1 2025

view details › first detected 2026-05-06
Weakness shift 193%

CWE-306 rising 193% YoY: 466 CVEs in H1 2026 vs 159 in H1 2025

view details › first detected 2026-05-06
Weakness shift 73%

CWE-502 rising 73% YoY: 554 CVEs in H1 2026 vs 320 in H1 2025

view details › first detected 2026-05-06
Weakness shift 127%

CWE-122 rising 127% YoY: 475 CVEs in H1 2026 vs 209 in H1 2025

view details › first detected 2026-05-06
Weakness shift 2%

CWE-120 falling 1% YoY: 403 CVEs in H1 2026 vs 409 in H1 2025

view details › first detected 2026-05-06
Weakness shift 6%

CWE-434 rising 6% YoY: 345 CVEs in H1 2026 vs 325 in H1 2025

view details › first detected 2026-05-06
Weakness shift 54%

CWE-362 rising 54% YoY: 335 CVEs in H1 2026 vs 217 in H1 2025

view details › first detected 2026-05-06
Weakness shift 47%

CWE-266 rising 47% YoY: 314 CVEs in H1 2026 vs 213 in H1 2025

view details › first detected 2026-05-06
Weakness shift 182%

CWE-285 rising 182% YoY: 209 CVEs in H1 2026 vs 74 in H1 2025

view details › first detected 2026-05-06
Weakness shift 33%

CWE-401 falling 33% YoY: 275 CVEs in H1 2026 vs 408 in H1 2025

view details › first detected 2026-05-06
Weakness shift 165%

CWE-295 rising 165% YoY: 204 CVEs in H1 2026 vs 77 in H1 2025

view details › first detected 2026-05-06
Technique shift 431%

ATT&CK T1203 rising 431% YoY: 1,938 CVE-associations in H1 2026 vs 365 in H1 2025

view details › first detected 2026-05-06
Technique shift 362%

ATT&CK T1059.004 rising 362% YoY: 1,085 CVE-associations in H1 2026 vs 235 in H1 2025

view details › first detected 2026-05-06
Technique shift 721%

ATT&CK T1189 rising 721% YoY: 1,067 CVE-associations in H1 2026 vs 130 in H1 2025

view details › first detected 2026-05-06
Technique shift 313%

ATT&CK T1059 rising 313% YoY: 520 CVE-associations in H1 2026 vs 126 in H1 2025

view details › first detected 2026-05-06
Technique shift 93%

ATT&CK T1059.007 rising 93% YoY: 1,652 CVE-associations in H1 2026 vs 856 in H1 2025

view details › first detected 2026-05-06
Technique shift 78%

ATT&CK T1539 rising 78% YoY: 677 CVE-associations in H1 2026 vs 381 in H1 2025

view details › first detected 2026-05-06
Technique shift 316%

ATT&CK T1185 rising 315% YoY: 1,047 CVE-associations in H1 2026 vs 252 in H1 2025

view details › first detected 2026-05-06

Past anomalies (resolved)

Anomalies that triggered on a previous run but no longer do. Showing the most recent 9.

Weakness shift 218% resolved 2026-07-03

CWE-367 rising 218% YoY: 162 CVEs in H1 2026 vs 51 in H1 2025

view details › first detected 2026-06-30
Weakness shift 80% resolved 2026-06-30

CWE-288 rising 80% YoY: 153 CVEs in H1 2026 vs 85 in H1 2025

view details › first detected 2026-05-06
Technique shift 50% resolved 2026-06-29

ATT&CK T1213.006 falling 50% YoY: 481 CVE-associations in H1 2026 vs 965 in H1 2025

view details › first detected 2026-05-06
Technique shift 88% resolved 2026-06-29

ATT&CK T1078.001 rising 88% YoY: 98 CVE-associations in H1 2026 vs 52 in H1 2025

view details › first detected 2026-06-01
Weakness shift 111% resolved 2026-06-24

CWE-404 rising 111% YoY: 150 CVEs in H1 2026 vs 71 in H1 2025

view details › first detected 2026-05-08
Exploitation pressure 56% resolved 2026-06-15

Σ EPSS of newly-published CVEs falling 55% YoY: 14.2 this month (6,955 CVEs) vs 32.0 same month prior year (3,981 CVEs)

view details › first detected 2026-06-01
Exploitation pressure 62% resolved 2026-06-01

Σ EPSS of newly-published CVEs falling 62% YoY: 13.7 this month (5,831 CVEs) vs 36.1 same month prior year (4,035 CVEs)

view details › first detected 2026-05-06
KEV velocity 107% resolved 2026-06-01

KEV additions accelerating 107% YoY: 31 CVEs added to CISA KEV in 2026-04 vs 15 in 2025-04

view details › first detected 2026-05-06
Technique shift 52% resolved 2026-05-12

ATT&CK T1204.001 falling 52% YoY: 140 CVE-associations in H1 2026 vs 289 in H1 2025

view details › first detected 2026-05-06