
Vulnerable Vibes - Verizon's DBIR, Mythos, and the AI Vulnpocalypse

By Matt Shafner

The 2026 Verizon DBIR names vulnerability exploitation the top initial access vector and AI is about to pour fuel on the fire. Here's what the data really shows, why the coming wave of AI-discovered vulnerabilities matters, and how to prioritize patching when you're already drowning in findings.

Vulnerabilities take center stage in the 2026 Verizon DBIR

The 19th edition of the Verizon Data Breach Investigations Report draws on investigations of more than 31,000 real-world security incidents and over 22,000 confirmed breaches across 145 countries. The headline finding is straightforward: exploitation of vulnerabilities has become the most common initial access vector in the dataset. Verizon found that vulnerability exploitation for initial attacker access was responsible for 31% of all breaches studied over the past year, a number that was as low as ~6% in 2022. The 55% year-over-year relative jump should make us stop and think about the strategies we are implementing to mitigate vulnerability risk.

If you look a layer deeper, you may remember the slew of high-profile remote code execution vulnerabilities in edge or internet-facing network appliances revealed in the past year, including significant vulnerabilities in SonicWall, Fortinet and Palo Alto devices which attackers leveraged en masse. Besides firewalls, we also saw exploited vulnerabilities in NetScalers and other ubiquitous, public-facing infrastructure. On the interior of the network, Chrome (and Chromium-based browsers) had a notably bad year: seven separate CVEs released in 2025 are known to have been exploited. The bottom line is that threat actors had a treasure trove of new and shiny vulnerabilities to select from to get their tentacles into your networks.

The report also shed light on patching effectiveness for the subset of vulnerabilities listed in the CISA Known Exploited Vulnerabilities catalog (CISA KEV). Verizon found that the rate of fully remediating these vulnerabilities fell from 38% to only 26%, further showing that organizations are falling behind in their patching.

Another key finding established that while newly released vulnerabilities may carry patching urgency, much older vulnerabilities are still being exploited by threat actors. Verizon combined threat intelligence data with machine-learning clustering to categorize each vulnerability on the CISA KEV list by exploitation frequency (Rare, Occasional, Frequent, and Persistent). Verizon found that nearly 50% of vulnerabilities in the CISA KEV are considered persistently exploited, which means that exploitation has been observed on ~96% of days over the past 12 months. Of the vulnerabilities categorized as persistently exploited, only 20% were added to the CISA KEV catalog in 2024 or 2025, meaning roughly 80% predate 2024. In other words, much older vulnerabilities are being exploited by threat actors to gain and spread access within organizations. This highlights the importance of not employing a "go forward" strategy that only patches new vulnerabilities. If you have a maturing patching program and have never had a deep vulnerability assessment to detect old vulnerabilities across your infrastructure, it may be just as important (if not more) as patching the latest and greatest bugs.

You (AI)n't seen nothing yet

To compound the issue, we may be on the verge of a vulnerability discovery revolution, as frontier AI models like Anthropic's Claude Mythos have purportedly become extremely effective at detecting novel vulnerabilities. Anthropic has reported that its internal testing with Mythos showed such a dramatic step forward in vulnerability discovery and exploit writing that the model couldn't be released to the general public, out of fear that threat actors could leverage it to hack critical technology infrastructure across many different verticals.

Anthropic's internal Frontier Red Team reported some shocking findings from their Mythos testing, including:

- Mythos discovered a 28-year-old denial of service vulnerability in OpenBSD, an operating system that is well known for its robust security
- Mythos discovered a 16-year-old vulnerability in FFmpeg, software ubiquitous in video encoding and decoding applications
- Mythos discovered a guest-to-host memory corruption bug in an unnamed hypervisor (unnamed because the patch is not yet available)

Perhaps more terrifying, the team reported a drastic increase in Mythos' ability to exploit the vulnerabilities it found, compared to the previous generation of Anthropic models. Mythos autonomously found and chained together several vulnerabilities in the Linux kernel, enabling privilege escalation from a normal user to root. In another internal test, they found that Mythos was able to successfully and autonomously create an exploit for a previously unknown vulnerability in Firefox 147, 72% of the time. The previous frontier model, Opus 4.6, was able to develop an exploit for the same vulnerability less than 1% of the time. All this from a model which was never created or designed for cybersecurity applications.

Source: Anthropic's Frontier Red Team

Alongside these announcements, Anthropic announced Project Glasswing, a limited preview release of the Claude Mythos model to a dozen security and technology companies. The stated goal of Glasswing was to let these companies use the model to discover vulnerabilities across the industry and responsibly disclose them to the respective product developers, so that the discovered vulnerabilities could be patched before bad guys get their hands on this next generation of models. The results of this project are starting to come in...

Publicity stunt or preview? Why not both!?!

It's clear to many in the naturally skeptical cybersecurity community that Project Glasswing served Anthropic's business interests at least partly, if not primarily. The "too dangerous to release" model definitely generated a lot of publicity and has made Anthropic THE name many people think of when they think of AI companies. In fact, a recent funding round made Anthropic the highest-valued AI company in the world at ~$900 billion (with a 'B'), surpassing OpenAI's latest $700 billion valuation. While much of Anthropic's perceived value is tied to its impressive AI coding agent, Claude Code, and its handy Claude Cowork desktop application, it's clear that the mythos around Mythos captivated Wall Street and private investors alike. With the business aspects of Mythos aside, there is now some real data we can look at to see what actually came out of Project Glasswing.

Palo Alto, one of the companies selected to get access to the new model, started testing with Mythos (and other frontier models) on April 7th, 2026. They reported that in less than 3 weeks the models had accomplished the equivalent of a full year of human penetration testing. Further, they reported that the frontier models are extremely good at finding multiple lower-severity vulnerabilities and chaining them together into a critical exploitation path. Their most recent release for their product portfolio included 5x their average number of CVEs, which they attribute to the use of frontier AI models.

Microsoft, Cloudflare, Oracle and others suggested similar increases in vulnerability discovery across their products. Microsoft suggested that they expect to see CVEs revealed on Patch Tuesdays to be higher than normal for some time. Cloudflare reportedly discovered 400+ high and critical bugs across their critical path systems. Cloudflare reported that a lot of the issues found were also found by other frontier models like GPT-5.5 but Mythos took it a step further by understanding potential connections between multiple vulnerabilities to achieve more impactful compromise.

Anthropic also unleashed Mythos on 1,000 open source projects which underpin much of the internet as we know it. They reportedly discovered 6,202 high or critical previously unreported security vulnerabilities across those projects. Anthropic worked with six "independent" security research firms to assess their findings. The firms have assessed 1,752 of the findings and suggested that greater than 90% of the reported vulnerabilities were confirmed legitimate.

One thing that we would point out is that all the members of Project Glasswing have an agenda. Each one of them is ready to sell you some security product to help you brace for the incoming onslaught of vulnerabilities and AI-enabled threat actors. Unfortunately, a large portion of the security industry is based on a repetitive cycle of fear mongering and novel product acronyms to save you from tomorrow's boogeyman. While there is definitely legitimate risk associated with new threats, the constant FUD makes it difficult to determine what is a predatory sales strategy and what is a legitimate need.

Another data point, however, is the year-over-year number of vulnerabilities various products are disclosing. It is clear that certain projects have started to see massive upticks in the number of vulnerabilities discovered in their code. For instance, Chrome had a particularly bad 2025 with almost 300 unique vulnerabilities discovered in the product. In only 5 months of 2026, however, 625 unique vulnerabilities have been discovered in Chrome, a pace that would put them at approximately 1500 vulnerabilities by end of year, a 5x increase from 2025.

Source: Patrick Garrity @ VulnCheck

Open (free) models aren't far behind

While frontier models may be what is making a big splash in the headlines, there is a dangerous undercurrent that may be where the real risk lies. Just like everyone else, threat actors have finite resources. They make the same ROI calculations as everyone else in their professional and personal life. An attacker has to consider whether their time and resources are worth the eventual prize. This is where they will encounter limitations with the current frontier models. Poring through vast amounts of code with Opus 4.8 or GPT-5.5 can get a little pricey. If the attacker has to burn through millions of costly Claude tokens to maybe discover an impactful vulnerability, the juice may not be worth the squeeze. This is even more true after a lot of low-hanging fruit has already been discovered through Project Glasswing or similar AI vulnerability discovery activities. For reference, Anthropic committed $100 million in token credits for Glasswing. More friction is added for threat actors because these models all have built-in safety restrictions that refuse harmful requests like writing exploits or other potentially harmful actions.

However, while the premium frontier models may always be a step ahead, open-weight models are becoming more and more relevant and are now only a few months behind Claude, GPT, and Gemini. Models like Llama, DeepSeek, Kimi, MiniMax and others tend to lag behind the frontier models by only 3-6 months and require only compute (no token fees) to run. Further, the "mini" versions of these models, which require a fraction of the compute power to run, are also gaining impressive traction.

Source: Epoch.ai

In short, attackers will need less investment to achieve the same return. That means they will have more opportunity to go after smaller, less prominent targets where the return may not be as big but is now cost justified.

"But my last vulnerability report already had thousands of findings!"

While we understand the urge to throw your hands up in the air and give up on patching, we believe it's not the time to throw in the towel. The fact that threat actors can use AI to discover AND exploit vulnerabilities with a couple of prompts is going to make it more important than ever to have a mature vulnerability management program. While there may be a lot of hype around Mythos and the frontier models, it's clear that AI is having a profound impact on finding security flaws in code, and that impact is accelerating.

The question becomes,

"How do we deal with the AI vulnpocalypse when we are already drowning in patches?"

Most organizations don't have the budget to double their patching teams. The problem compounds itself when an organization doesn't partner with experienced security professionals who can help guide remediation priority. If you simply try to spam-patch every critical or high severity vulnerability that shows up in your patch report, you will soon find yourself perpetually behind and not necessarily moving the needle on risk mitigation. It is more important than ever to ensure you have the right guidance to focus on the things which matter most. Helios Security delivers low-friction, risk-prioritized vulnerability assessments which help you focus on the top action items instead of wading through a mind-numbing 50-page report from your vulnerability management tool or current security partner. We surface the vulnerabilities attackers are actually using to compromise organizations. If you need to enhance your vulnerability program or are looking to start one, please reach out.
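The prioritization the DBIR findings point to (exploitation evidence and exposure outrank raw severity, and an old persistently exploited bug outranks a brand-new critical with no known exploitation) can be made concrete. The following is an added example, not code from the post or from Helios Security; the findings, the frequency weights and the exposure multiplier are constructed assumptions, and the vulnerability IDs are placeholders rather than real CVEs.

```python
from dataclasses import dataclass
from typing import List, Optional

# Exploitation-frequency buckets as named in the DBIR's KEV analysis.
# The numeric weights are an assumption of this example, not DBIR values.
FREQUENCY_WEIGHT = {"Persistent": 4.0, "Frequent": 3.0, "Occasional": 2.0, "Rare": 1.0}
EXPOSURE_MULTIPLIER = 1.5  # assumption: internet-facing assets get a 50% uplift

@dataclass
class Finding:
    vuln_id: str                 # placeholder ID, not a real CVE
    cvss: float                  # base severity 0-10 from the scanner
    on_kev: bool                 # listed in the CISA KEV catalog
    frequency: Optional[str]     # DBIR exploitation bucket, None if not on KEV
    kev_year: Optional[int]      # year added to KEV; note age is NOT penalized
    internet_facing: bool        # reachable from the internet (the edge-device story)

def risk_score(f: Finding) -> float:
    """Severity plus up to 10 points of 'actually being exploited', then exposure."""
    score = f.cvss
    if f.on_kev:
        score += 10.0 * FREQUENCY_WEIGHT.get(f.frequency or "Rare", 1.0) / 4.0
    if f.internet_facing:
        score *= EXPOSURE_MULTIPLIER
    return round(score, 2)

def prioritize(findings: List[Finding]) -> List[Finding]:
    """Risk-prioritized order: what attackers use, on what is exposed, first."""
    return sorted(findings, key=risk_score, reverse=True)

def cvss_only_order(findings: List[Finding]) -> List[str]:
    """The 'spam-patch by severity' order, for comparison."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]

# Constructed sample report: one old edge-device bug (KEV since 2019, Persistent),
# one brand-new CVSS 10 with no known exploitation, and two in between.
SAMPLE_FINDINGS = [
    Finding("OLD-EDGE-RCE",            7.2, True,  "Persistent", 2019, True),
    Finding("NEW-CRITICAL-NO-EXPLOIT", 10.0, False, None,         None, False),
    Finding("INTERNAL-BROWSER",         8.8, True,  "Frequent",   2025, False),
    Finding("NEW-KEV-OCCASIONAL",       7.5, True,  "Occasional", 2026, False),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE_FINDINGS):
        print(f"{risk_score(f):6.2f}  {f.vuln_id}")
    print("severity-only order:", cvss_only_order(SAMPLE_FINDINGS))
```

The six-year-old edge bug lands at the top of the risk-prioritized list while the severity-only list puts the unexploited CVSS 10 first; swap in your own KEV feed and asset inventory for the constructed fields.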

Final thoughts from Helios Security

AI is here and it's here to stay. It will no doubt drastically change the industry and how vulnerabilities are discovered, disclosed, and exploited. The 2026 DBIR is the early evidence that the ground has already shifted under us, but the takeaway isn't panic. The fundamentals haven't changed - the volume and velocity have. Attackers now have cheaper, faster tools to find a way in, which means the gap between "a vulnerability exists" and "a vulnerability is being exploited" is shrinking fast. Organizations that try to keep up by simply patching everything will burn out their teams and still fall behind, because effort spent on the wrong fixes doesn't reduce real risk. The winning move is to get sharper about prioritization: know what's actually exposed, understand what attackers are genuinely using, and fix those things first. That's not a bigger patching team - it's better guidance. At Helios Security, we help you cut through the noise and the FUD, focus on the vulnerabilities that actually put you at risk, and build a vulnerability management program that scales with the threat instead of drowning under it. The AI vulnpocalypse may be coming, but with the right strategy, it doesn't have to be yours.



References

- https://www.verizon.com/business/resources/Te0b/reports/2026-dbir-data-breach-investigations-report.pdf
- https://red.anthropic.com/2026/mythos-preview/
- https://www.anthropic.com/glasswing
- https://www.anthropic.com/news/mozilla-firefox-security
- https://www.anthropic.com/research/glasswing-initial-update
- https://epoch.ai/data-insights/open-closed-eci-gap
