Cyber Resilience

← All vendors

Apple Uses LLMs for vuln discovery

CPE vendor key: apple · 2,975 CVEs published in the last 24 months.

CVEs (365 d)
1,955
▲ +260 vs prior 30d
Avg CVSS (365 d)
6.94
over 1,955 CVEs
Avg EPSS pct (365 d)
0.17
higher = more likely exploited
KEV hit rate (365 d)
1.0%
19 of 1,955 added to CISA KEV
LLM-credited CVEs
93
Openai 93

Monthly CVE volume — last 24 months

2024202520260425
Each point is one calendar month. Bars in the severity card to the right slice the same volume by CVSS band.

Severity mix

CritHighMedLow
Stacked by CVSS band (Critical / High / Medium / Low) using the best available metric per CVE.

Top affected products (24 mo)

macos
2,728
iphone_os
719
ipados
667
visionos
395
tvos
330
watchos
324
safari
142
xcode
16
ipad_os
4
mac_os_x
2
Distinct CVEs that include each product in their CPE configuration.

Top CWEs (24 mo)

CWE-416
417
CWE-787
274
CWE-125
272
CWE-20
189
CWE-284
185
CWE-200
154
CWE-122
116
CWE-119
81
CWE-451
63
CWE-693
58
Distinct CVEs assigned each weakness.

Recent CISA KEV adds (last 12 months)

AddedCVEProductKEV name
2026-03-20CVE-2025-31277Multiple ProductsApple Multiple Products Buffer Overflow Vulnerability
2026-03-20CVE-2025-43510Multiple ProductsApple Multiple Products Improper Locking Vulnerability
2026-03-20CVE-2025-43520Multiple ProductsApple Multiple Products Classic Buffer Overflow Vulnerability
2026-03-05CVE-2023-43000Multiple ProductsApple Multiple products Use-After-Free Vulnerability
2026-02-12CVE-2026-20700Multiple ProductsApple Multiple Buffer Overflow Vulnerability
2025-12-15CVE-2025-43529Multiple ProductsApple Multiple Products Use-After-Free WebKit Vulnerability
2025-08-21CVE-2025-43300iOS, iPadOS, and macOSApple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Filtered to KEV rows where the CISA vendor name matches this vendor, to drop cross-OS noise (e.g. third-party Windows apps that CPE-map to Microsoft).

LLM-credited CVEs from this vendor

PublishedCVELLM familyModel(s)
2026-05-28CVE-2026-10001openaiOpenAI
2026-05-28CVE-2026-10002openaiOpenAI
2026-05-28CVE-2026-10003openaiOpenAI
2026-05-28CVE-2026-10004openaiOpenAI
2026-05-28CVE-2026-10005openaiOpenAI
2026-05-28CVE-2026-10006openaiOpenAI
2026-05-28CVE-2026-10007openaiOpenAI
2026-05-28CVE-2026-10009openaiOpenAI
2026-05-28CVE-2026-10012openaiOpenAI
2026-05-28CVE-2026-10013openaiOpenAI
2026-05-28CVE-2026-10015openaiOpenAI
2026-05-28CVE-2026-10016openaiOpenAI
2026-05-28CVE-2026-10018openaiOpenAI
2026-05-28CVE-2026-10019openaiOpenAI
2026-05-28CVE-2026-10021openaiOpenAI
2026-05-28CVE-2026-10022openaiOpenAI
2026-05-28CVE-2026-9873openaiOpenAI
2026-05-28CVE-2026-9874openaiOpenAI
2026-05-28CVE-2026-9877openaiOpenAI
2026-05-28CVE-2026-9878openaiOpenAI
2026-05-28CVE-2026-9879openaiOpenAI
2026-05-28CVE-2026-9880openaiOpenAI
2026-05-28CVE-2026-9881openaiOpenAI
2026-05-28CVE-2026-9882openaiOpenAI
2026-05-28CVE-2026-9883openaiOpenAI
From mythos_attributed_cves: CVEs whose NVD description or vendor advisory credits an LLM-assisted discovery. Confidence is high for every row.

Generated 19 June 2026 13:18 UTC <span class="time-ago" data-iso="2026-06-19T13:18:30Z"></span>.