The numbers look alarming at first glance. According to the 2026 vulnerability forecast from the Forum of Incident Response and Security Teams (FIRST), disclosures could reach roughly 66,000 CVEs this year. That revised figure sits 46.3% above the original projection, an excess of more than 6,400 CVEs. Yet FIRST urges defenders to stay calm rather than panic.
Why the sudden jump? In short, a structural shift is reshaping how the industry finds software flaws. The 2026 vulnerability forecast calls this moment the “AI Epoch.” Moreover, it argues that raw discovery volume no longer reflects real danger.
FIRST backs this up with a striking finding. More CVEs now ship with each product version, yet release schedules hold steady. In other words, “more CVEs are being shipped with each version update,” even as update cadences stay the same.
AI Supercharges Vulnerability Discovery
The biggest driver is autonomous AI bug hunting. The report names Anthropic’s Mythos agent and OpenAI’s GPT-5.4-Cyber as key forces. Consequently, the volume of identified flaws has accelerated massively.
One example stands out clearly. Mozilla recorded a 164% spike in first-quarter disclosures. FIRST links that surge to Anthropic’s Project Glasswing, which uses the unreleased Mythos Preview agent. In turn, the effort helped identify and fix 271 bugs for the Firefox 150 release.
Structural Drivers Beyond AI
However, AI is not the only force inflating the totals. GitHub Security Advisories jumped 449% year over year after expanding its curation team. Meanwhile, VulnCheck climbed a staggering 3,119% as a “CNA of Last Resort” absorbing the unassigned backlog. The report also highlights the raw growth of software worldwide. Therefore, the 2026 vulnerability forecast reflects far more than smarter tooling.
Rain vs. Flood: Volume Is Not Risk
Here lies the reassuring part. FIRST separates total volume from actionable risk through a vivid “Rain vs. Flood” analogy. The heavy rainfall represents every disclosed CVE. The flood, by contrast, represents the flaws that truly threaten live systems.
When the team applies an exploitability overlay, the picture calms considerably. Only about 6.5% of 2026 CVEs appear in the CISA KEV catalog or carry an EPSS score above 10%. As a result, the patching burden stays flat despite the rising tide. In the report’s words, “the actual flooding risk has not changed.”
The attack surface is expanding too. New CPE strings added in the first half of 2026 already exceeded the prior peak by 2.6 times. So the diversity of vulnerable products, not just the count of CVEs, is driving heavier workloads.
The Real Bottleneck Is Human
If discovery is no longer the limiting factor, what is? According to FIRST, the answer is people. The constraint is “no longer discovery,” but the human capacity to verify, coordinate, and patch each finding. The team also expects a crunch in writing detection signatures for exploitation. After all, analysts still take vacations and still get sick.
Defensive AI may ease that pressure, though. Specialized models such as GPT-5.4-Cyber could sharply compress mean time to remediate. So the defining story of late 2026 may become a race between AI-accelerated exploits and AI-accelerated patching.
A New Blind Spot: Ephemeral Software
The forecast also warns about “ephemeral instant software.” These bespoke, AI-generated apps deploy on demand and rarely reach any CVE registry. Nevertheless, they introduce real localized risk. To cope, FIRST recommends dynamic cataloging through AI-BOMs and runtime monitors.
What Defenders Should Do Now
The report closes with practical advice. Software maintainers should prepare to ship more patches per security release. Asset owners, by contrast, should budget around software growth rather than raw CVE counts. Above all, teams should lean on exploitability overlays so analysts focus only on genuine threats. This calm, data-driven posture defines the report’s core message. You can read the full analysis in the FIRST vulnerability forecast update.
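The exploitability overlay described above (keep a CVE only if it is listed in CISA's KEV catalog or its EPSS score is above 10%) is the one concrete technique on this page, and the closing advice tells teams to build their triage around it. The block below is an added example of that overlay, written for this page; it is not FIRST's code and not part of the report. It assumes the two public feed shapes most teams already pull: the FIRST EPSS CSV (a leading '#' metadata line, then a cve,epss,percentile header) and CISA's KEV JSON (a 'vulnerabilities' list whose entries carry a 'cveID'). The feed excerpts and every CVE identifier in it are constructed placeholders, not real disclosures; the 10% threshold is the report's own figure. It also handles the edge case the page's wording implies: a KEV-listed CVE with no EPSS score yet still counts as flood, and a score sitting exactly at 10% does not.

```python
import csv
import json
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the shape of the FIRST EPSS CSV feed. The model version
# and every CVE ID are placeholders, not real data.
EPSS_CSV = """#model_version:v-example,score_date:2026-07-01T00:00:00+0000
cve,epss,percentile
CVE-EXAMPLE-0001,0.92000,0.99900
CVE-EXAMPLE-0002,0.15000,0.95000
CVE-EXAMPLE-0003,0.00400,0.30000
CVE-EXAMPLE-0004,0.02000,0.70000
CVE-EXAMPLE-0005,0.10000,0.92000
CVE-EXAMPLE-0006,0.00100,0.10000
CVE-EXAMPLE-0007,0.00050,0.05000
CVE-EXAMPLE-0008,0.35000,0.98000
"""

# Constructed sample in the shape of CISA's KEV JSON feed. CVE-EXAMPLE-0009 is
# deliberately absent from the EPSS file to exercise the "KEV but unscored" case.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-EXAMPLE-0001", "vendorProject": "ExampleCo", "product": "Widget"},
    {"cveID": "CVE-EXAMPLE-0004", "vendorProject": "ExampleCo", "product": "Gadget"},
    {"cveID": "CVE-EXAMPLE-0009", "vendorProject": "OtherCo", "product": "Gizmo"},
]})

EPSS_THRESHOLD = 0.10  # the report's "EPSS above 10%" cut-off


@dataclass(frozen=True)
class CveRecord:
    cve_id: str
    epss: Optional[float]  # None when the CVE has not been scored yet
    in_kev: bool           # listed in CISA's Known Exploited Vulnerabilities catalog


def parse_epss(text: str) -> dict:
    """Map CVE ID -> EPSS probability, skipping the '#' metadata line."""
    lines = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    return {row["cve"]: float(row["epss"]) for row in csv.DictReader(lines)}


def parse_kev(text: str) -> set:
    """Set of CVE IDs present in the KEV feed."""
    return {entry["cveID"] for entry in json.loads(text)["vulnerabilities"]}


def build_inventory(epss_scores: dict, kev_ids: set) -> list:
    """The 'rain': every CVE seen in either feed, in stable ID order."""
    all_ids = set(epss_scores) | kev_ids
    return [CveRecord(c, epss_scores.get(c), c in kev_ids) for c in sorted(all_ids)]


def is_flood(rec: CveRecord, threshold: float = EPSS_THRESHOLD) -> bool:
    """Exploitability overlay: KEV membership, or an EPSS score strictly above threshold."""
    return rec.in_kev or (rec.epss is not None and rec.epss > threshold)


def apply_overlay(records: list, threshold: float = EPSS_THRESHOLD) -> list:
    """The 'flood', ordered for patching: confirmed exploitation (KEV) first,
    then descending EPSS. Unscored KEV entries sort as EPSS 0.0 within the KEV group."""
    flood = [r for r in records if is_flood(r, threshold)]
    return sorted(flood, key=lambda r: (not r.in_kev, -(r.epss or 0.0)))


def flood_fraction(records: list, threshold: float = EPSS_THRESHOLD) -> float:
    """Share of the inventory that survives the overlay (the report quotes ~6.5%)."""
    if not records:
        return 0.0
    return len(apply_overlay(records, threshold)) / len(records)


def run_sample():
    """Run the overlay over the constructed feeds; returns (inventory, prioritized flood)."""
    inventory = build_inventory(parse_epss(EPSS_CSV), parse_kev(KEV_JSON))
    return inventory, apply_overlay(inventory)


if __name__ == "__main__":
    inventory, flood = run_sample()
    print(f"rain: {len(inventory)} CVEs, flood: {len(flood)} "
          f"({flood_fraction(inventory):.1%} actionable)")
    for rec in flood:
        score = "unscored" if rec.epss is None else f"{rec.epss:.3f}"
        print(f"  {rec.cve_id:18} KEV={rec.in_kev!s:5} EPSS={score}")
```

On the constructed sample this keeps five of nine CVEs. CVE-EXAMPLE-0005 is dropped because 0.10 is not above 0.10, and the unscored KEV entry is kept but sorted to the end of the KEV group, which is the behaviour you want when an EPSS refresh lags a KEV addition. Swapping the two string constants for the real downloaded feeds is the only change needed to run it against a live inventory.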