Cyber Posture

Vulnerability trends

How is the CVE corpus changing over time?

All charts here derive from the CVE corpus our pipeline ingests (NVD + EPSS + per-CVE annotations). These are vulnerability-side signals — what is published, when, with what severity. Real-world exploitation lives in the Threat trends page.

Last updated: 2026-05-19 11:30 UTC

CVE publication volume — weekly

→ All CVEs published per week since 2024-01, with AI-related CVEs (purple) overlaid. Lines hover for exact counts.

Top weaknesses (CWE) — rank shift across years

→ The top-15 CWEs in each of 2024, 2025, and 2026 YTD by rank. Lines crossing means a CWE moved up or down the prevalence ladder. Hover for exact CVE counts.

CVSS distribution by quarter

→ Box plot of CVSS base scores per publication quarter. Box spans the interquartile range; the line inside is the median. Outliers shown as dots. Use this to spot whether the median CVE is getting more or less severe.

Exploit pressure of the CVE corpus

→ For each month, the sum of EPSS scores across all CVEs published that month. Combined volume × exploit-probability. A rising curve means new vulnerabilities are getting more exploitable on average. (This is a property of the CVE corpus, not observed exploitation activity.)

Substantively-modified CVEs — weekly

→ CVEs whose NVD record was updated at least 7 days after initial publication, bucketed by the week of modification. Filters out the small within-week post-publish corrections; what remains is the substantive re-touch signal — CPE additions, CVSS rescoring, description refinement, KEV-linked tweaks. Same threshold as the “Updated” badge on CVE detail pages (example).

Severity impact of LLM-assisted vulnerability discoveryAI

→ Are vulnerabilities found with help from large language models more or less severe than other vulnerabilities? Two views below. Section A uses direct attribution: CVEs that explicitly credit Claude / Anthropic / Project Glasswing / GPT / Gemini / Grok / Llama / Copilot / Mistral / DeepSeek / etc. in NVD descriptions, vendor advisories, or our manual override list. Section B uses the Glasswing-cohort × time-window proxy (broader signal but causally weaker).

Section A — Direct attribution (high-confidence, narrow)

173 CVEs detected with explicit LLM-discovery credit.

By LLM family: Anthropic: 177, Openai: 2.
Specific models cited (top 8): Claude (150), Anthropic (14), GPT5 (2), Claude Code (1), Project Glasswing (1).

MetricMythos-credited (n / mean)All other CVEs (n / mean)Difference95% CIp (Holm)Hedges’ g / RD
CVSS base173 / 8.2454,763 / 6.71+1.532[+1.276, +1.776]2.2e-28+0.904
EPSS173 / 0.003554,763 / 0.0050-0.001[-0.005, +0.005]9.9e-12-0.034
KEV-listing rate173 / 0.0%54,763 / 0.3%-0.003[-0.004, -0.003]1-0.003
Risk Priority173 / 16.8254,763 / 13.85+2.969[+2.342, +3.651]5.3e-26+0.605

Section B — Cohort × time-window DiD

MetricTreated pre (n / mean)Treated post (n / mean)Control pre (n / mean)Control post (n / mean)DiD95% CIp (Holm)Hedges’ g / RD
CVSS base7,882 / 6.491,450 / 6.8940,285 / 6.745,319 / 6.77+0.367[+0.268, +0.468]5.1e-20+0.270
EPSS7,882 / 0.00361,450 / 0.001040,285 / 0.00585,319 / 0.0017+0.002[+0.000, +0.003]6e-54-0.082
KEV-listing rate7,882 / 0.9%1,450 / 0.5%40,285 / 0.3%5,319 / 0.1%-0.002[-0.006, +0.002]0.12-0.004
Risk Priority7,882 / 13.451,450 / 14.0440,285 / 13.955,319 / 13.73+0.820[+0.572, +1.072]1.8e-17+0.130

Distribution split — cohort × period

Per-vendor: more vulns AND more severe?

Robustness — matched 3-week pre/post window

MetricTreated pre (n / mean)Treated post (n / mean)Control pre (n / mean)Control post (n / mean)DiD95% CIp (Holm)Hedges’ g / RD
CVSS base511 / 6.56740 / 7.053,909 / 6.962,808 / 6.68+0.766[+0.571, +0.958]2.3e-08+0.322
EPSS511 / 0.0007740 / 0.00093,909 / 0.00262,808 / 0.0018+0.001[-0.000, +0.002]6.3e-06+0.043
KEV-listing rate511 / 0.4%740 / 0.5%3,909 / 0.2%2,808 / 0.0%+0.003[-0.005, +0.010]1+0.001
Risk Priority511 / 13.33740 / 14.393,909 / 14.182,808 / 13.55+1.681[+1.216, +2.125]6.5e-08+0.297

Parallel-trends check (pre-paper)

Active anomalies — Vulnerability lensAI

→ Auto-detected each daily run. Year-over-year deltas on vulnerability-side metrics (CWE shifts, severity, EPSS pressure) cross threshold → card appears. Resolves when the metric stops triggering.
Technique shift 84%

ATT&CK T1552.001 rising 84% YoY: 217 CVE-associations in H1 2026 vs 118 in H1 2025

view details › first detected 2026-05-12
Technique shift 127%

ATT&CK T1557 rising 127% YoY: 118 CVE-associations in H1 2026 vs 52 in H1 2025

view details › first detected 2026-05-12
Technique shift 142%

ATT&CK T1078 rising 142% YoY: 160 CVE-associations in H1 2026 vs 66 in H1 2025

view details › first detected 2026-05-12
Technique shift 219%

ATT&CK T1552 rising 219% YoY: 188 CVE-associations in H1 2026 vs 59 in H1 2025

view details › first detected 2026-05-12
Technique shift 142%

ATT&CK T1046 rising 142% YoY: 128 CVE-associations in H1 2026 vs 53 in H1 2025

view details › first detected 2026-05-12
Weakness shift 82%

CWE-404 rising 82% YoY: 129 CVEs in H1 2026 vs 71 in H1 2025

view details › first detected 2026-05-08
Technique shift 74%

ATT&CK T1190 rising 74% YoY: 8,337 CVE-associations in H1 2026 vs 4,805 in H1 2025

view details › first detected 2026-05-08
Technique shift 54%

ATT&CK T1210 rising 54% YoY: 312 CVE-associations in H1 2026 vs 203 in H1 2025

view details › first detected 2026-05-08
Technique shift 117%

ATT&CK T1068 rising 117% YoY: 2,509 CVE-associations in H1 2026 vs 1,154 in H1 2025

view details › first detected 2026-05-06
Technique shift 155%

ATT&CK T1499.004 rising 155% YoY: 1,685 CVE-associations in H1 2026 vs 660 in H1 2025

view details › first detected 2026-05-06
Technique shift 137%

ATT&CK T1005 rising 137% YoY: 765 CVE-associations in H1 2026 vs 323 in H1 2025

view details › first detected 2026-05-06
Technique shift 161%

ATT&CK T1204.002 rising 161% YoY: 507 CVE-associations in H1 2026 vs 194 in H1 2025

view details › first detected 2026-05-06
Technique shift 113%

ATT&CK T1485 rising 113% YoY: 143 CVE-associations in H1 2026 vs 67 in H1 2025

view details › first detected 2026-05-06
Weakness shift 12%

CWE-862 rising 12% YoY: 1,272 CVEs in H1 2026 vs 1,133 in H1 2025

view details › first detected 2026-05-06
Weakness shift 70%

CWE-22 rising 70% YoY: 953 CVEs in H1 2026 vs 562 in H1 2025

view details › first detected 2026-05-06
Weakness shift 78%

CWE-78 rising 78% YoY: 563 CVEs in H1 2026 vs 316 in H1 2025

view details › first detected 2026-05-06
Weakness shift 109%

CWE-918 rising 109% YoY: 575 CVEs in H1 2026 vs 275 in H1 2025

view details › first detected 2026-05-06
Weakness shift 70%

CWE-20 rising 70% YoY: 518 CVEs in H1 2026 vs 305 in H1 2025

view details › first detected 2026-05-06
Weakness shift 59%

CWE-98 rising 59% YoY: 399 CVEs in H1 2026 vs 251 in H1 2025

view details › first detected 2026-05-06
Weakness shift 68%

CWE-352 falling 68% YoY: 423 CVEs in H1 2026 vs 1,305 in H1 2025

view details › first detected 2026-05-06
Weakness shift 50%

CWE-863 rising 50% YoY: 435 CVEs in H1 2026 vs 290 in H1 2025

view details › first detected 2026-05-06
Weakness shift 131%

CWE-639 rising 131% YoY: 388 CVEs in H1 2026 vs 168 in H1 2025

view details › first detected 2026-05-06
Weakness shift 84%

CWE-121 rising 84% YoY: 330 CVEs in H1 2026 vs 179 in H1 2025

view details › first detected 2026-05-06
Weakness shift 56%

CWE-476 falling 56% YoY: 380 CVEs in H1 2026 vs 860 in H1 2025

view details › first detected 2026-05-06
Weakness shift 101%

CWE-306 rising 101% YoY: 320 CVEs in H1 2026 vs 159 in H1 2025

view details › first detected 2026-05-06
Weakness shift 3%

CWE-502 rising 3% YoY: 329 CVEs in H1 2026 vs 320 in H1 2025

view details › first detected 2026-05-06
Weakness shift 51%

CWE-122 rising 51% YoY: 315 CVEs in H1 2026 vs 209 in H1 2025

view details › first detected 2026-05-06
Weakness shift 31%

CWE-120 falling 31% YoY: 281 CVEs in H1 2026 vs 408 in H1 2025

view details › first detected 2026-05-06
Weakness shift 17%

CWE-434 falling 17% YoY: 270 CVEs in H1 2026 vs 325 in H1 2025

view details › first detected 2026-05-06
Weakness shift 8%

CWE-362 rising 8% YoY: 235 CVEs in H1 2026 vs 217 in H1 2025

view details › first detected 2026-05-06
Weakness shift 13%

CWE-266 falling 13% YoY: 186 CVEs in H1 2026 vs 213 in H1 2025

view details › first detected 2026-05-06
Weakness shift 100%

CWE-285 rising 100% YoY: 148 CVEs in H1 2026 vs 74 in H1 2025

view details › first detected 2026-05-06
Weakness shift 59%

CWE-401 falling 59% YoY: 167 CVEs in H1 2026 vs 408 in H1 2025

view details › first detected 2026-05-06
Weakness shift 70%

CWE-295 rising 70% YoY: 131 CVEs in H1 2026 vs 77 in H1 2025

view details › first detected 2026-05-06
Technique shift 164%

ATT&CK T1203 rising 163% YoY: 959 CVE-associations in H1 2026 vs 364 in H1 2025

view details › first detected 2026-05-06
Technique shift 204%

ATT&CK T1059.004 rising 204% YoY: 702 CVE-associations in H1 2026 vs 231 in H1 2025

view details › first detected 2026-05-06
Technique shift 61%

ATT&CK T1213.006 falling 61% YoY: 379 CVE-associations in H1 2026 vs 965 in H1 2025

view details › first detected 2026-05-06
Technique shift 211%

ATT&CK T1189 rising 211% YoY: 401 CVE-associations in H1 2026 vs 129 in H1 2025

view details › first detected 2026-05-06
Technique shift 159%

ATT&CK T1059 rising 159% YoY: 326 CVE-associations in H1 2026 vs 126 in H1 2025

view details › first detected 2026-05-06
Technique shift 53%

ATT&CK T1185 rising 53% YoY: 385 CVE-associations in H1 2026 vs 252 in H1 2025

view details › first detected 2026-05-06
KEV velocity 107%

KEV additions accelerating 107% YoY: 31 CVEs added to CISA KEV in 2026-04 vs 15 in 2025-04

view details › first detected 2026-05-06
Exploitation pressure 64%

Σ EPSS of newly-published CVEs falling 64% YoY: 11.8 this month (5,831 CVEs) vs 32.7 same month prior year (4,034 CVEs)

view details › first detected 2026-05-06

Past anomalies (resolved)

Anomalies that triggered on a previous run but no longer do. Showing the most recent 8.

Weakness shift 20% resolved 2026-05-17

CWE-269 rising 20% YoY: 182 CVEs in H1 2026 vs 152 in H1 2025

view details › first detected 2026-05-17
Technique shift 52% resolved 2026-05-12

ATT&CK T1204.001 falling 52% YoY: 140 CVE-associations in H1 2026 vs 289 in H1 2025

view details › first detected 2026-05-06
Technique shift 50% resolved 2026-05-12

ATT&CK T1059.007 falling 50% YoY: 427 CVE-associations in H1 2026 vs 856 in H1 2025

view details › first detected 2026-05-06
Technique shift 50% resolved 2026-05-12

ATT&CK T1539 falling 50% YoY: 190 CVE-associations in H1 2026 vs 381 in H1 2025

view details › first detected 2026-05-06
Technique shift 57% resolved 2026-05-12

ATT&CK T1505.003 rising 57% YoY: 247 CVE-associations in H1 2026 vs 157 in H1 2025

view details › first detected 2026-05-08
Technique shift 52% resolved 2026-05-12

ATT&CK T1059.008 rising 52% YoY: 97 CVE-associations in H1 2026 vs 64 in H1 2025

view details › first detected 2026-05-08
Technique shift 57% resolved 2026-05-08

ATT&CK T1566.002 falling 57% YoY: 52 CVE-associations in H1 2026 vs 121 in H1 2025

view details › first detected 2026-05-06
Weakness shift 11% resolved 2026-05-08

CWE-288 rising 11% YoY: 94 CVEs in H1 2026 vs 85 in H1 2025

view details › first detected 2026-05-06