AI-driven Vulnerability Surge: Enterprise Security Risk Grows
Summary
Open-source maintainers are receiving more vulnerability reports than they can handle, with many now coming from AI systems. Over about two months this spring, Anthropic’s Claude Mythos Preview identified 1,596 verified vulnerabilities across hundreds of projects. Six external security firms triaged these findings, confirming a 90.8% true-positive rate. What's interesting is that the AI model often graded issues as more critical than human maintainers. Here's the thing: while discovery runs at roughly 25 verified vulnerabilities per day, credited repairs move at only about one and a half. This creates a backlog, which researchers call the vulnerability deficit, with the pile of open issues widening by about two dozen daily. Maintainers are responsive, acknowledging reports in less than a day, but acknowledgment and repair are far apart. Only about 6% of disclosed vulnerabilities had an upstream patch at the time of study. The bottom line is that the span from private disclosure to a deployed enterprise fix can take between three and five months, leaving enterprises exposed for extended periods.
This is an AI-generated audio summary. Always check the original source for complete reporting.