Since the Mythos paper was published on 2026-04-01, 6,250 CVEs have been published across 33 publishing days (out of 34 elapsed calendar days) — an expected annualised rate of 69,129 CVEs/year (★ our best estimate). The chart below highlights this “Expected” bar in sky blue with a bolded label, since it is the only point grounded in observed post-paper data. For context, 2025 saw 49,972 CVEs in total. The 2026 Prediction (no LLM) bar of 65,887/year is computed by annualising the 16,246 CVEs published in the first 90 days of 2026 (the run-rate before the Mythos paper landed).
Our four projections assuming LLM-based discovery of new vulnerabilities ranged from 268,800/year (S2 · floor (20% disc., 80% LLM)) to 588,800/year (S1 · worst case (10% disc., 80% LLM)). The most aggressive Year-1 projection (Scenario S1) was 588,800/year.