Trends

What's changing in the threat landscape — by week, by quarter, by year?

Time-series views of CVE volume, exploitation pressure, weakness shifts, technique shifts, and control coverage. Window: since January 2024. Data refreshes nightly.

Last updated: 2026-05-08 16:25 UTC

CVE publication volume — weekly

→ All CVEs published per week since 2024-01, with AI-related CVEs (purple) overlaid. Lines hover for exact counts.

CISA KEV — additions per month

→ How fast is CISA adding CVEs to the Known Exploited Vulnerabilities list? A rising bar means more confirmed-exploited threats are reaching ops teams.

Time from publication to KEV listing

→ For each KEV-listed CVE: how long after publication did CISA add it? Same-day means the vuln was actively exploited at disclosure; years-later means it was a sleeper that became dangerous later.

Exploit pressure

→ For each month, the sum of EPSS scores across all CVEs published that month. Combined volume × exploit-probability. A rising curve means new vulnerabilities are getting more exploitable on average.

Exploitation pressure by MITRE ATT&CK tactic

→ For each month, the sum of EPSS scores across all CVEs whose ATT&CK techniques map to a given tactic. A CVE counts toward every tactic its techniques span. A rising tactic band means that attack stage is getting more exploitable as new vulnerabilities accumulate. Limited to CVEs with ATT&CK annotations.

Top weaknesses (CWE) — rank shift across years

→ The top-15 CWEs in each of 2024, 2025, and 2026 YTD by rank. Lines crossing means a CWE moved up or down the prevalence ladder. Hover for exact CVE counts.

Top ATT&CK techniques — rank shift across years

→ The top-15 MITRE ATT&CK Enterprise techniques in each of 2024, 2025, and 2026 YTD by CVE-association count. Hover for technique names and exact counts. Limited to CVEs with ATT&CK annotations (~5% of corpus).

Control family share of mitigationsAI

→ For each quarter, the share of annotated CVEs whose strongest mitigating NIST 800-53 r5 control belongs to each family. Surfaces which families do the heavy lifting and how that mix evolves. Limited to the ~16k CVEs with per-CVE control annotations.

CVSS distribution by quarter

→ Box plot of CVSS base scores per publication quarter. Box spans the interquartile range; the line inside is the median. Outliers above and below shown as dots. Use this to spot whether the median CVE is getting more or less severe.

Vendor cohorts — monthly CVE volumeAI

→ Three cohorts: Glasswing (11 known) — the Project Glasswing participants we have publicly confirmed. The full Glasswing list may be larger (~80 vendors); we count only the named subset. Unknown — CVE-issuing organisations represented at the AI Vulnerability Storm paper review (CSA “Mythos-ready” briefing). Some may also be in Glasswing; we don’t know which. Known or assumed not Glasswing — Barracuda, F5, Fedora, Fortinet, SAP, Siemens, and Trellix, plus every other CVE-issuing vendor on the planet. Dashed line at 2026-04-13 marks the Mythos paper publication. Y-axis log.

Per-vendor sparklines — monthly CVE counts

→ One sparkline per named vendor. Purple = Glasswing, cyan = Unknown, gray = Not Glasswing (named). Hover for monthly counts.

Severity impact of LLM-assisted vulnerability discoveryAI

→ Are vulnerabilities found with help from large language models more or less severe than other vulnerabilities? Two views below. Section A uses direct attribution: CVEs that explicitly credit Claude / Anthropic / Project Glasswing / GPT / Gemini / Grok / Llama / Copilot / Mistral / DeepSeek / etc. in NVD descriptions, vendor advisories, or our manual override list. Section B uses the Glasswing-cohort × time-window proxy from Tab 7 (broader signal but causally weaker). Read both together; the caveats below explain why. The framing is LLM-discovery in general — Mythos is the catalyst that drove this analysis, not the only signal.

Section A — Direct attribution (high-confidence, narrow)

169 CVEs detected with explicit LLM-discovery credit.

By LLM family: Anthropic: 171, Openai: 2.
Specific models cited (top 8): Claude (146), Anthropic (14), GPT5 (2), Claude Code (1).

Metric	Mythos-credited (n / mean)	All other CVEs (n / mean)	Difference	95% CI	p (Holm)	Hedges’ g / RD
CVSS base	169 / 8.22	52,241 / 6.70	+1.516	[+1.259, +1.765]	3.5e-27	+0.894
EPSS	169 / 0.0036	52,241 / 0.0049	-0.001	[-0.005, +0.005]	3e-12	-0.032
KEV-listing rate	169 / 0.0%	52,241 / 0.3%	-0.003	[-0.004, -0.003]	1	-0.003
Risk Priority	169 / 16.78	52,241 / 13.84	+2.933	[+2.309, +3.620]	9.1e-25	+0.596

Section B — Cohort × time-window DiD (broad, noisy)

Metric	Treated pre (n / mean)	Treated post (n / mean)	Control pre (n / mean)	Control post (n / mean)	DiD	95% CI	p (Holm)	Hedges’ g / RD
CVSS base	7,880 / 6.49	790 / 6.97	40,280 / 6.74	3,460 / 6.74	+0.478	[+0.351, +0.610]	3.7e-18	+0.326
EPSS	7,880 / 0.0034	790 / 0.0009	40,280 / 0.0056	3,460 / 0.0015	+0.002	[+0.000, +0.002]	4.9e-23	-0.081
KEV-listing rate	7,880 / 0.9%	790 / 0.6%	40,280 / 0.3%	3,460 / 0.1%	-0.001	[-0.006, +0.006]	0.55	-0.003
Risk Priority	7,880 / 13.44	790 / 14.25	40,280 / 13.94	3,460 / 13.66	+1.096	[+0.779, +1.416]	1e-17	+0.177

Distribution split — cohort × period

Per-vendor: more vulns AND more severe?

Robustness — matched 3-week pre/post window

Metric	Treated pre (n / mean)	Treated post (n / mean)	Control pre (n / mean)	Control post (n / mean)	DiD	95% CI	p (Holm)	Hedges’ g / RD
CVSS base	511 / 6.56	661 / 7.06	3,905 / 6.96	2,832 / 6.69	+0.761	[+0.566, +0.954]	2.6e-08	+0.326
EPSS	511 / 0.0006	661 / 0.0009	3,905 / 0.0023	2,832 / 0.0017	+0.001	[-0.000, +0.002]	0.00041	+0.056
KEV-listing rate	511 / 0.4%	661 / 0.6%	3,905 / 0.2%	2,832 / 0.0%	+0.003	[-0.005, +0.012]	0.7	+0.002
Risk Priority	511 / 13.33	661 / 14.42	3,905 / 14.16	2,832 / 13.57	+1.676	[+1.208, +2.135]	6e-08	+0.304

Parallel-trends check (pre-paper)

Caveats — read carefully

Attribution coverage. Section A captures only the small fraction of LLM-discovered CVEs whose NVD records explicitly credit Anthropic or Project Glasswing. Section B captures the bulk of post-paper Glasswing-vendor activity but cannot distinguish Mythos finds from other discovery channels. Read both views together.
Selection bias in direct attribution (critical). Vendors may strategically credit Anthropic / Glasswing on their most severe LLM-assisted finds (prestige effect — being publicly associated with high-impact Mythos discoveries is desirable PR), while quietly publishing routine LLM finds without credit. Section A's effect size is therefore an upper bound on the true mean Mythos-CVE severity, not an unbiased estimate. Section B (cohort × time) is less susceptible to this specific bias because it uses publication date alone, not credit text. Treat the two views as bracketing the truth.
Cohort proxy framing. The DiD answers "did Glasswing vendors' CVE severity change after the paper?" — not "are Mythos-discovered CVEs more severe?".
Parallel-trends assumption. DiD assumes Treated and Control cohorts were trending in parallel before the paper. See the parallel-trends chart above; if the lines diverge pre-paper, the DiD is biased.
Spillover (SUTVA). If non-Glasswing vendors also adopted Mythos-style tools after the paper, the control group is contaminated and the DiD under-estimates the true effect.
Composition shift. Post-cohort skews toward vendors that adopted aggressively; if those vendors' typical CVSS is unusually low or high, the post-period mean shifts even if no individual CVE differs.
EPSS settling. Brand-new CVEs may not yet have EPSS rows; FIRST.org takes a few days to score new CVEs. The post cohort is biased toward CVEs that are old enough to have an EPSS score.
KEV lag. KEV listings trail publication by weeks-to-months; post-period KEV rate is mechanically near zero and will rise as time passes.
CPE attribution lag. NVD adds CPE configurations after initial publication; very recent vendor-attributed CVEs are invisible to the cohort scanner. Biases against finding any effect.
Sample size. Section A confidence intervals are wide initially (small N). Section B post-window will tighten as more data accrues.

Active anomaliesAI

→ Auto-detected each daily run. A weakness, technique, KEV velocity, or exploitation-pressure metric is flagged when its year-over-year delta crosses a threshold (≥50% for CWE/technique; ≥50% for KEV; ≥30% for Σ EPSS). Anomalies persist across runs; when a metric stops triggering, the card moves to "Past anomalies" with a resolution date.

Weakness shift ▲ 35%

CWE-404 rising 35% YoY: 96 CVEs in H1 2026 vs 71 in H1 2025

view details › first detected 2026-05-08

Technique shift ▲ 60%

ATT&CK T1190 rising 60% YoY: 5,819 CVE-associations in H1 2026 vs 3,632 in H1 2025

view details › first detected 2026-05-08

Technique shift ▲ 58%

ATT&CK T1210 rising 58% YoY: 254 CVE-associations in H1 2026 vs 161 in H1 2025

view details › first detected 2026-05-08

Technique shift ▲ 56%

ATT&CK T1059.008 rising 56% YoY: 97 CVE-associations in H1 2026 vs 62 in H1 2025

view details › first detected 2026-05-08

Technique shift ▲ 172%

ATT&CK T1068 rising 172% YoY: 1,708 CVE-associations in H1 2026 vs 627 in H1 2025