FIRST's mid-year forecast: ~66,000 CVEs in 2026, but exploitable risk stays flat
On June 15, 2026, FIRST revised its 2026 CVE projection to ~66,000, with January–April actuals running 46.3% above its February forecast; the revision is driven mainly by AI-assisted discovery. The actionable subset triaged by EPSS and CISA KEV has not grown at the same rate.
What is this?
On June 15, 2026, at its 38th Annual Conference in Denver, the Forum of Incident Response and Security Teams (FIRST) published its 2026 Mid-Year Vulnerability Forecast. The headline number: roughly 66,000 CVEs projected for the full year, up from the February median of 59,427, and putting annual disclosures on pace to approach 70,000 for the first time in history. Actual disclosures for January–April 2026 are already running 46.3% above the forecast published just four months earlier, with 6,420 excess CVEs recorded through April.
The forecast is interesting to a security audience less for the raw number than for why it moved and what it means operationally. FIRST is explicit that this is not a sign that software became less secure — it is a structural change in our collective ability to find flaws, and AI-assisted vulnerability discovery is a primary driver.
How it works
The forecast is produced with an ExponentialSmoothing model trained on daily CVE publication counts from January 2020 through April 30, 2026, then compared against the February 2026 baseline. The full methodology, live data, and Python scripts are public on GitHub.
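To make the method concrete, the following is an added example, not FIRST's published script: a hand-rolled Holt linear (additive-trend) exponential smoother stands in for the ExponentialSmoothing model the forecast uses. It fits the smoother to a series of daily publication counts, projects the remaining days of the year to a full-year total, and measures how far actuals have drifted from an earlier baseline. The daily counts, the baseline figure, and the alpha/beta smoothing weights are all constructed assumptions, not FIRST's data.

```python
"""Project a full-year CVE count from daily publication counts with Holt's
linear (additive-trend) exponential smoothing, then measure how far actuals
have drifted from an earlier baseline forecast.

Added example, not FIRST's script: a hand-rolled Holt smoother stands in for
the ExponentialSmoothing model the forecast uses, and every count below is
constructed, not real CVE data."""
from typing import List, Tuple


def holt_fit(y: List[float], alpha: float = 0.2, beta: float = 0.05) -> Tuple[float, float]:
    """Smooth y and return the final (level, trend).
    alpha weights new observations into the level, beta into the trend.
    The 0.2/0.05 defaults are assumed values, not FIRST's fitted parameters."""
    if len(y) < 2:
        raise ValueError("need at least two observations")
    level, trend = float(y[0]), float(y[1] - y[0])   # simple initialisation
    for obs in y[1:]:
        prev_level = level
        level = alpha * obs + (1 - alpha) * (level + trend)
        trend = beta * (level - prev_level) + (1 - beta) * trend
    return level, trend


def holt_forecast(level: float, trend: float, horizon: int) -> List[float]:
    """Point forecasts 1..horizon steps ahead, floored at zero (a daily count
    cannot go negative even if the fitted trend is falling)."""
    return [max(0.0, level + h * trend) for h in range(1, horizon + 1)]


def project_year_total(daily_to_date: List[float], days_in_year: int = 365,
                       alpha: float = 0.2, beta: float = 0.05) -> float:
    """Actual counts so far plus the smoothed forecast for the remaining days."""
    level, trend = holt_fit(daily_to_date, alpha, beta)
    remaining = days_in_year - len(daily_to_date)
    return sum(daily_to_date) + sum(holt_forecast(level, trend, remaining))


def drift(actual: float, baseline: float) -> Tuple[float, float]:
    """(excess count, percent above baseline) for the same period."""
    excess = actual - baseline
    return excess, excess / baseline * 100.0


if __name__ == "__main__":
    # constructed: 120 days with a gentle upward trend and a weekend dip
    daily = [150 + 0.4 * d - (40 if d % 7 in (5, 6) else 0) for d in range(120)]
    baseline_to_date = 17_000.0   # constructed earlier-forecast total for the same 120 days
    excess, pct = drift(sum(daily), baseline_to_date)
    print(f"actual to date: {sum(daily):.0f}  excess vs baseline: {excess:+.0f} ({pct:+.1f}%)")
    print(f"projected year total: {project_year_total(daily):.0f}")
```

The shape of the computation is the point, not the numbers: FIRST fits its model on more than six years of daily data, and the choice of smoothing weights and of how the level and trend are initialised changes the projection, so a practitioner reproducing the forecast should use the published scripts and data rather than these defaults.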
FIRST attributes the drift to three structural drivers. First, AI-assisted discovery: autonomous bug-hunting agents such as Anthropic’s Mythos and OpenAI’s GPT-5.4-Cyber have measurably increased the volume of flaws being found. Mozilla is the clearest example — a 164% spike in Q1 CVE disclosures from the Mozilla CNA, tied to an AI harness that found and fixed 271 latent bugs for the Firefox 150 release (see our coverage of Project Glasswing). Second, cataloging expansion: a 449% year-over-year jump in GitHub Security Advisory volume and a 3,119% increase in VulnCheck “CNA-of-Last-Resort” activity, much of it backfilling an unassigned backlog. Third, software growth: the number of distinct products with tracked vulnerabilities has grown by two orders of magnitude, driving workload independently of AI or cataloging changes.
Why it matters
The most useful part of the forecast is a distinction FIRST calls “Rain vs. Flood.” Total CVE volume is the rain. The water that actually threatens to flood the house — vulnerabilities being exploited in the wild or credibly likely to be soon — is a much smaller, separate thing. When you filter the surge down to that actionable set (CISA KEV entries or EPSS scores above 10%), the patching burden has not materially increased. Only a small slice of 2026 CVEs reaches the level where defenders must act fast, and that share has held steady through the year.
For LLM and AI-system operators specifically, two second-order effects matter. AI assistants now generate and deploy throwaway code that carries flaws no CVE registry ever sees, creating risk that lives entirely off the national databases. And the same offensive capability accelerating discovery is also available defensively: FIRST frames late 2026 as a race between AI-built exploit generation and AI-built patch and detection generation. The bottleneck, the forecast stresses, is human capacity to verify, coordinate, and prioritize — not the discovery itself.
Defenses
FIRST’s recommendations translate directly into a triage playbook:
- Adopt exploitability overlays now. EPSS and the CISA KEV catalog remain the most effective tools to separate signal from noise. Triaging on “is this actually exploited or likely to be” keeps the patching workload manageable without scaling headcount to raw CVE counts.
- Reframe budgets around software growth, not headlines. The spread of distinct products carrying vulnerabilities drives workload more than any single news cycle, so plan capacity against your asset diversity.
- Plan for roughly double the maintenance work. Teams that maintain code should expect about twice the verification-and-fix load; teams patching live systems can expect a steady load through end of 2026.
- Track what the databases miss. AI-generated, short-lived applications need dynamic cataloging, AI bills of materials (AIBOMs), and runtime monitors, since they rarely earn a CVE.
- Lean into defensive AI. Faster discovery frees effort to fix flaws at the root and potentially eliminate whole vulnerability classes — but a human still has to write the detection signature.
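The first playbook item, and the "Rain vs. Flood" filter it rests on, reduce to one join: take the CVEs present on your assets, look each up in the EPSS feed and the KEV catalog, and keep only KEV members or scores at or above 10%. The following is an added example, not FIRST's or CISA's code. It assumes the public feed shapes (the EPSS daily CSV with cve, epss and percentile columns behind a "#" metadata line, and the KEV JSON with a "vulnerabilities" list whose entries carry "cveID"); every CVE ID and score in it is a constructed placeholder, not a real advisory.

```python
"""Exploitability overlay: split an inventory's CVEs into the 'flood'
(CISA KEV members or EPSS >= 10%) that must be patched fast and the 'rain'
that can wait for normal cycles.

Added example, not FIRST's or CISA's code. It assumes the public feed shapes
(EPSS daily CSV with cve,epss,percentile columns; KEV JSON with a
'vulnerabilities' list whose entries carry 'cveID'); all IDs and scores below
are constructed placeholders, not real CVEs."""
import csv
import json
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set, Tuple

EPSS_THRESHOLD = 0.10  # the 10% cut-off FIRST uses for the actionable subset

# --- constructed sample feeds (placeholder CVE IDs, not real advisories) ---
EPSS_CSV = """#model_version:constructed,score_date:2026-05-01
cve,epss,percentile
CVE-0000-0001,0.92000,0.99900
CVE-0000-0002,0.00300,0.41000
CVE-0000-0003,0.15000,0.96000
CVE-0000-0004,0.01000,0.70000
CVE-0000-0005,0.10000,0.94000
"""
KEV_JSON = json.dumps({"vulnerabilities": [{"cveID": "CVE-0000-0002"},
                                           {"cveID": "CVE-0000-0001"}]})
# CVEs found on our assets; 0006 has no EPSS row at all (not yet scored)
INVENTORY = ["CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003",
             "CVE-0000-0004", "CVE-0000-0005", "CVE-0000-0006"]


def parse_epss(text: str) -> Dict[str, float]:
    """Map CVE id -> EPSS probability, skipping the '#' metadata line."""
    rows = [ln for ln in text.splitlines() if ln and not ln.startswith("#")]
    return {r["cve"]: float(r["epss"]) for r in csv.DictReader(rows)}


def parse_kev(text: str) -> Set[str]:
    """Set of CVE ids listed in the KEV catalog document."""
    return {v["cveID"] for v in json.loads(text)["vulnerabilities"]}


@dataclass(frozen=True)
class Finding:
    cve_id: str
    epss: Optional[float]   # None when the CVE has not been scored yet
    in_kev: bool


def is_actionable(f: Finding, threshold: float = EPSS_THRESHOLD) -> bool:
    """KEV membership or EPSS at/above the threshold puts a CVE in the flood.
    An unscored CVE is not actionable on this overlay alone."""
    return f.in_kev or (f.epss is not None and f.epss >= threshold)


def triage(cve_ids: Iterable[str], epss: Dict[str, float], kev: Set[str],
           threshold: float = EPSS_THRESHOLD) -> Tuple[List[Finding], List[Finding]]:
    """Return (act_now, backlog). act_now is ordered KEV first, then by
    descending EPSS, so the list reads as a patch queue."""
    findings = [Finding(c, epss.get(c), c in kev) for c in cve_ids]
    act_now = [f for f in findings if is_actionable(f, threshold)]
    backlog = [f for f in findings if not is_actionable(f, threshold)]
    act_now.sort(key=lambda f: (not f.in_kev, -(f.epss or 0.0)))
    backlog.sort(key=lambda f: -(f.epss or 0.0))
    return act_now, backlog


def actionable_share(act_now: List[Finding], backlog: List[Finding]) -> float:
    """Fraction of the inventory that lands in the flood (0.0 if empty)."""
    total = len(act_now) + len(backlog)
    return len(act_now) / total if total else 0.0


if __name__ == "__main__":
    act, wait = triage(INVENTORY, parse_epss(EPSS_CSV), parse_kev(KEV_JSON))
    print("ACT NOW:")
    for f in act:
        print(f"  {f.cve_id}  kev={f.in_kev}  epss={f.epss}")
    print("BACKLOG:")
    for f in wait:
        print(f"  {f.cve_id}  epss={f.epss if f.epss is not None else 'unscored'}")
    print(f"actionable share: {actionable_share(act, wait):.0%}")
```

Two details matter in practice. EPSS is re-scored daily and KEV grows over time, so the overlay is only as current as the snapshot date in the feed header; re-run it on each refresh rather than caching a verdict. And a CVE with no EPSS row (the unscored case above) is not "safe", only unmeasured; it belongs in the backlog for a second look, not in the discard pile, which is why the code keeps it visible rather than silently treating it as zero.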
Status
| Item | Value (FIRST, June 15, 2026) |
|---|---|
| Revised 2026 projection | ~66,000 CVEs |
| February 2026 median | 59,427 CVEs |
| Drift vs. February | +46.3% (6,420 excess through April) |
| GHSA volume (YoY) | +449% |
| VulnCheck CNA-of-Last-Resort (YoY) | +3,119% |
| Actionable subset (KEV / EPSS >10%) | Flat |
| CISA KEV entries (May 1, 2026) | 1,587 |
| CVEs with EPSS scores (May 1, 2026) | 329,934 |
Key dates: February 11, 2026 — baseline 2026 forecast. June 15, 2026 — mid-year revision to ~66,000 CVEs.