AI Companies To Play Bigger Role in CVE Program, Says CISA
https://www.infosecurity-magazine.com/news/ai-companies-to-play-bigger-role/
Publish Date: 2026-04-15 06:30:00
Source Domain: www.infosecurity-magazine.com
AI companies like OpenAI and Anthropic should play a bigger role in software vulnerability disclosures in the future, according to a leader of the world’s largest vulnerability disclosure scheme.
Speaking at the opening of VulnCon26 in Scottsdale, Arizona, on April 14, Lindsey Cerkovnik said AI companies “should be better represented” in the Common Vulnerabilities and Exposures (CVE) program.
Cerkovnik is chief of the Vulnerability Response & Coordination (VRC) Branch at the US Cybersecurity and Infrastructure Security Agency (CISA), the sole sponsor of the MITRE-run CVE program. She and her team manage coordinated vulnerability disclosures for the CVE program.
She acknowledged that the program has faced a rapid growth of reported vulnerabilities over the past year and that the evolution of AI platforms will likely accelerate that growth.
“With the arrival of new AI tools, some helping discover valid vulnerabilities, others perhaps finding things with less value, we’re at a turning point,” Cerkovnik said.
Anthropic, OpenAI Speed Up on AI-Powered Vulnerability Research
Cerkovnik’s VulnCon speech came just a few days after the launch of Claude Mythos Preview, Anthropic’s new large language model (LLM) that promises to autonomously find and fix cybersecurity vulnerabilities at scale.
Today, Mythos is only available to the 40 members of Project Glasswing.
In testing, the model allegedly discovered thousands of zero-day vulnerabilities which had not previously been identified.
The model also autonomously found and chained several vulnerabilities in the Linux kernel, software used to run most of the world’s servers, which would allow an attacker to escalate from ordinary user access to complete control of a machine.
Upon testing Mythos Preview in a simulation environment, researchers at the UK’s AI Security Institute (AISI) said they “cannot say for sure” whether Mythos Preview would be able to successfully attack “well-defended…