Cyber Posture

Vulnerability trends

How is the CVE corpus changing over time?

All charts here derive from the CVE corpus our pipeline ingests (NVD + EPSS + per-CVE annotations). These are vulnerability-side signals — what is published, when, with what severity. Real-world exploitation lives in the Threat trends page.

Last updated: 2026-05-15 11:31 UTC

CVE publication volume — weekly

→ All CVEs published per week since 2024-01, with AI-related CVEs (purple) overlaid. Lines hover for exact counts.

Top weaknesses (CWE) — rank shift across years

→ The top-15 CWEs in each of 2024, 2025, and 2026 YTD by rank. Lines crossing means a CWE moved up or down the prevalence ladder. Hover for exact CVE counts.

CVSS distribution by quarter

→ Box plot of CVSS base scores per publication quarter. Box spans the interquartile range; the line inside is the median. Outliers shown as dots. Use this to spot whether the median CVE is getting more or less severe.

Exploit pressure of the CVE corpus

→ For each month, the sum of EPSS scores across all CVEs published that month. Combined volume × exploit-probability. A rising curve means new vulnerabilities are getting more exploitable on average. (This is a property of the CVE corpus, not observed exploitation activity.)

Substantively-modified CVEs — weekly

→ CVEs whose NVD record was updated at least 7 days after initial publication, bucketed by the week of modification. Filters out the small within-week post-publish corrections; what remains is the substantive re-touch signal — CPE additions, CVSS rescoring, description refinement, KEV-linked tweaks. Same threshold as the “Updated” badge on CVE detail pages (example).

Severity impact of LLM-assisted vulnerability discoveryAI

→ Are vulnerabilities found with help from large language models more or less severe than other vulnerabilities? Two views below. Section A uses direct attribution: CVEs that explicitly credit Claude / Anthropic / Project Glasswing / GPT / Gemini / Grok / Llama / Copilot / Mistral / DeepSeek / etc. in NVD descriptions, vendor advisories, or our manual override list. Section B uses the Glasswing-cohort × time-window proxy (broader signal but causally weaker).

Section A — Direct attribution (high-confidence, narrow)

172 CVEs detected with explicit LLM-discovery credit.

By LLM family: Anthropic: 176, Openai: 2.
Specific models cited (top 8): Claude (150), Anthropic (14), GPT5 (2), Claude Code (1), Project Glasswing (1).

MetricMythos-credited (n / mean)All other CVEs (n / mean)Difference95% CIp (Holm)Hedges’ g / RD
CVSS base172 / 8.2354,252 / 6.71+1.523[+1.271, +1.771]6.1e-28+0.899
EPSS172 / 0.003554,252 / 0.0049-0.001[-0.005, +0.005]2.4e-11-0.033
KEV-listing rate172 / 0.0%54,252 / 0.3%-0.003[-0.004, -0.003]1-0.003
Risk Priority172 / 16.8154,252 / 13.86+2.953[+2.322, +3.643]1.4e-25+0.602

Section B — Cohort × time-window DiD

MetricTreated pre (n / mean)Treated post (n / mean)Control pre (n / mean)Control post (n / mean)DiD95% CIp (Holm)Hedges’ g / RD
CVSS base7,882 / 6.491,262 / 6.8940,284 / 6.744,996 / 6.80+0.332[+0.228, +0.436]1.4e-18+0.273
EPSS7,882 / 0.00351,262 / 0.000840,284 / 0.00574,996 / 0.0017+0.001[+0.000, +0.002]7.8e-52-0.088
KEV-listing rate7,882 / 0.9%1,262 / 0.4%40,284 / 0.3%4,996 / 0.1%-0.004[-0.008, +0.001]0.068-0.005
Risk Priority7,882 / 13.441,262 / 14.0140,284 / 13.954,996 / 13.81+0.710[+0.456, +0.964]2.3e-16+0.126

Distribution split — cohort × period

Per-vendor: more vulns AND more severe?

Robustness — matched 3-week pre/post window

MetricTreated pre (n / mean)Treated post (n / mean)Control pre (n / mean)Control post (n / mean)DiD95% CIp (Holm)Hedges’ g / RD
CVSS base511 / 6.56730 / 7.033,909 / 6.962,814 / 6.69+0.737[+0.538, +0.931]8.5e-08+0.308
EPSS511 / 0.0007730 / 0.00083,909 / 0.00252,814 / 0.0017+0.001[-0.000, +0.002]3.8e-07+0.030
KEV-listing rate511 / 0.4%730 / 0.5%3,909 / 0.2%2,814 / 0.0%+0.003[-0.005, +0.010]1+0.002
Risk Priority511 / 13.33730 / 14.343,909 / 14.172,814 / 13.56+1.618[+1.161, +2.065]2.5e-07+0.284

Parallel-trends check (pre-paper)

Active anomalies — Vulnerability lensAI

→ Auto-detected each daily run. Year-over-year deltas on vulnerability-side metrics (CWE shifts, severity, EPSS pressure) cross threshold → card appears. Resolves when the metric stops triggering.
Technique shift 84%

ATT&CK T1552.001 rising 84% YoY: 217 CVE-associations in H1 2026 vs 118 in H1 2025

view details › first detected 2026-05-12
Technique shift 127%

ATT&CK T1557 rising 127% YoY: 118 CVE-associations in H1 2026 vs 52 in H1 2025

view details › first detected 2026-05-12
Technique shift 142%

ATT&CK T1078 rising 142% YoY: 160 CVE-associations in H1 2026 vs 66 in H1 2025

view details › first detected 2026-05-12
Technique shift 219%

ATT&CK T1552 rising 219% YoY: 188 CVE-associations in H1 2026 vs 59 in H1 2025

view details › first detected 2026-05-12
Technique shift 142%

ATT&CK T1046 rising 142% YoY: 128 CVE-associations in H1 2026 vs 53 in H1 2025

view details › first detected 2026-05-12
Weakness shift 69%

CWE-404 rising 69% YoY: 120 CVEs in H1 2026 vs 71 in H1 2025

view details › first detected 2026-05-08
Technique shift 74%

ATT&CK T1190 rising 74% YoY: 8,337 CVE-associations in H1 2026 vs 4,805 in H1 2025

view details › first detected 2026-05-08
Technique shift 54%

ATT&CK T1210 rising 54% YoY: 312 CVE-associations in H1 2026 vs 203 in H1 2025

view details › first detected 2026-05-08
Technique shift 117%

ATT&CK T1068 rising 117% YoY: 2,509 CVE-associations in H1 2026 vs 1,154 in H1 2025

view details › first detected 2026-05-06
Technique shift 155%

ATT&CK T1499.004 rising 155% YoY: 1,685 CVE-associations in H1 2026 vs 660 in H1 2025

view details › first detected 2026-05-06
Technique shift 137%

ATT&CK T1005 rising 137% YoY: 765 CVE-associations in H1 2026 vs 323 in H1 2025

view details › first detected 2026-05-06
Technique shift 161%

ATT&CK T1204.002 rising 161% YoY: 507 CVE-associations in H1 2026 vs 194 in H1 2025

view details › first detected 2026-05-06
Technique shift 113%

ATT&CK T1485 rising 113% YoY: 143 CVE-associations in H1 2026 vs 67 in H1 2025

view details › first detected 2026-05-06
Weakness shift 10%

CWE-862 rising 10% YoY: 1,242 CVEs in H1 2026 vs 1,133 in H1 2025

view details › first detected 2026-05-06
Weakness shift 65%

CWE-22 rising 65% YoY: 929 CVEs in H1 2026 vs 562 in H1 2025

view details › first detected 2026-05-06
Weakness shift 76%

CWE-78 rising 76% YoY: 556 CVEs in H1 2026 vs 316 in H1 2025

view details › first detected 2026-05-06
Weakness shift 105%

CWE-918 rising 105% YoY: 564 CVEs in H1 2026 vs 275 in H1 2025

view details › first detected 2026-05-06
Weakness shift 66%

CWE-20 rising 66% YoY: 505 CVEs in H1 2026 vs 305 in H1 2025

view details › first detected 2026-05-06
Weakness shift 57%

CWE-98 rising 57% YoY: 395 CVEs in H1 2026 vs 251 in H1 2025

view details › first detected 2026-05-06
Weakness shift 68%

CWE-352 falling 68% YoY: 414 CVEs in H1 2026 vs 1,307 in H1 2025

view details › first detected 2026-05-06
Weakness shift 44%

CWE-863 rising 44% YoY: 418 CVEs in H1 2026 vs 290 in H1 2025

view details › first detected 2026-05-06
Weakness shift 122%

CWE-639 rising 122% YoY: 373 CVEs in H1 2026 vs 168 in H1 2025

view details › first detected 2026-05-06
Weakness shift 83%

CWE-121 rising 83% YoY: 328 CVEs in H1 2026 vs 179 in H1 2025

view details › first detected 2026-05-06
Weakness shift 58%

CWE-476 falling 58% YoY: 365 CVEs in H1 2026 vs 860 in H1 2025

view details › first detected 2026-05-06
Weakness shift 99%

CWE-306 rising 99% YoY: 317 CVEs in H1 2026 vs 159 in H1 2025

view details › first detected 2026-05-06
Weakness shift 0%

CWE-502 rising 0% YoY: 321 CVEs in H1 2026 vs 320 in H1 2025

view details › first detected 2026-05-06
Weakness shift 51%

CWE-122 rising 51% YoY: 315 CVEs in H1 2026 vs 209 in H1 2025

view details › first detected 2026-05-06
Weakness shift 32%

CWE-120 falling 32% YoY: 278 CVEs in H1 2026 vs 408 in H1 2025

view details › first detected 2026-05-06
Weakness shift 18%

CWE-434 falling 18% YoY: 267 CVEs in H1 2026 vs 325 in H1 2025

view details › first detected 2026-05-06
Weakness shift 6%

CWE-362 rising 6% YoY: 230 CVEs in H1 2026 vs 217 in H1 2025

view details › first detected 2026-05-06
Weakness shift 15%

CWE-266 falling 15% YoY: 182 CVEs in H1 2026 vs 213 in H1 2025

view details › first detected 2026-05-06
Weakness shift 96%

CWE-285 rising 96% YoY: 145 CVEs in H1 2026 vs 74 in H1 2025

view details › first detected 2026-05-06
Weakness shift 61%

CWE-401 falling 61% YoY: 160 CVEs in H1 2026 vs 408 in H1 2025

view details › first detected 2026-05-06
Weakness shift 68%

CWE-295 rising 68% YoY: 129 CVEs in H1 2026 vs 77 in H1 2025

view details › first detected 2026-05-06
Technique shift 164%

ATT&CK T1203 rising 163% YoY: 959 CVE-associations in H1 2026 vs 364 in H1 2025

view details › first detected 2026-05-06
Technique shift 204%

ATT&CK T1059.004 rising 204% YoY: 702 CVE-associations in H1 2026 vs 231 in H1 2025

view details › first detected 2026-05-06
Technique shift 61%

ATT&CK T1213.006 falling 61% YoY: 379 CVE-associations in H1 2026 vs 965 in H1 2025

view details › first detected 2026-05-06
Technique shift 211%

ATT&CK T1189 rising 211% YoY: 401 CVE-associations in H1 2026 vs 129 in H1 2025

view details › first detected 2026-05-06
Technique shift 159%

ATT&CK T1059 rising 159% YoY: 326 CVE-associations in H1 2026 vs 126 in H1 2025

view details › first detected 2026-05-06
Technique shift 53%

ATT&CK T1185 rising 53% YoY: 385 CVE-associations in H1 2026 vs 252 in H1 2025

view details › first detected 2026-05-06
KEV velocity 107%

KEV additions accelerating 107% YoY: 31 CVEs added to CISA KEV in 2026-04 vs 15 in 2025-04

view details › first detected 2026-05-06
Exploitation pressure 69%

Σ EPSS of newly-published CVEs falling 69% YoY: 11.4 this month (5,831 CVEs) vs 36.8 same month prior year (4,034 CVEs)

view details › first detected 2026-05-06

Past anomalies (resolved)

Anomalies that triggered on a previous run but no longer do. Showing the most recent 7.

Technique shift 52% resolved 2026-05-12

ATT&CK T1204.001 falling 52% YoY: 140 CVE-associations in H1 2026 vs 289 in H1 2025

view details › first detected 2026-05-06
Technique shift 50% resolved 2026-05-12

ATT&CK T1059.007 falling 50% YoY: 427 CVE-associations in H1 2026 vs 856 in H1 2025

view details › first detected 2026-05-06
Technique shift 50% resolved 2026-05-12

ATT&CK T1539 falling 50% YoY: 190 CVE-associations in H1 2026 vs 381 in H1 2025

view details › first detected 2026-05-06
Technique shift 57% resolved 2026-05-12

ATT&CK T1505.003 rising 57% YoY: 247 CVE-associations in H1 2026 vs 157 in H1 2025

view details › first detected 2026-05-08
Technique shift 52% resolved 2026-05-12

ATT&CK T1059.008 rising 52% YoY: 97 CVE-associations in H1 2026 vs 64 in H1 2025

view details › first detected 2026-05-08
Technique shift 57% resolved 2026-05-08

ATT&CK T1566.002 falling 57% YoY: 52 CVE-associations in H1 2026 vs 121 in H1 2025

view details › first detected 2026-05-06
Weakness shift 11% resolved 2026-05-08

CWE-288 rising 11% YoY: 94 CVEs in H1 2026 vs 85 in H1 2025

view details › first detected 2026-05-06