The CVE Is Dead. Long live the Mythos Era.

AI turned CVEs into security metadata. Maybe it’s the cold shower the industry needed.

CVE numbers are breaking records. They have also stopped meaning anything.

What was once the industry’s shared language for risk has collapsed under its own volume. Not because the vulnerabilities aren’t real — they are. But because when everything is flagged, nothing is.

This is the Mythos era. Anthropic named the capability, but it belongs to many. Most existing LLMs — closed and open source — can find vulnerabilities in code. Mythos may be a step ahead, but assume that gap closes in weeks.

We took 30 CVEs attributed to Mythos and ran them through multiple open source and commercial LLMs. We gave each model the vulnerable function, no context, one prompt: find vulnerabilities.

The results were consistent across the board. Llama, DeepSeek, Qwen, Mistral, GPT, Claude — virtually every model identified the same vulnerabilities Mythos found, given identical context. Some needed a few retries. Some didn’t.

More speed, more noise

What AI did is take hold of both ends of the pipeline. The same technology writing code at never-before-seen speed is also scanning that code for vulnerabilities. Production accelerates. Discovery accelerates with it. The result is a faster treadmill, with vulnerabilities pushed into production and found in live environments at a pace no human team can respond to.

Anthropic’s own Project Glasswing makes the point better than any critic could. In its first month, Mythos Preview found more than 10,000 high- or critical-severity vulnerabilities across partner codebases. Cloudflare alone received 2,000 bug reports. Some open-source maintainers asked to slow down. The bottleneck, Anthropic acknowledged, is no longer discovery — it’s human capacity to verify, disclose, and patch.

AI made vulnerabilities a commodity. And when findings become a commodity, the CVE, as a unit of risk, stops being useful.

The problem AI didn’t solve

No industry standard or infrastructure was built for this environment.

Earlier this year, federal funding for MITRE’s CVE program nearly lapsed. The program was already struggling: submissions jumped 32% in 2024, according to NIST, and the backlog continues to grow.

Caught in the middle are security teams, whose prioritization problem was already grim. In OX Security’s latest Application Security Benchmark report, only 1.08% of findings correlated with actual risk. As volume rises, finding the needle only gets harder.

And so something must change, starting with the unit of analysis.

Enter: the CoE (Chain of Exploit).

The Chain is bigger than the sum of its parts

A single vulnerability rarely compromises a system. What compromises systems is a chain — a sequence of individually manageable issues that, connected in the right order, produce something far more dangerous than the sum of their parts.

The OX research team disclosed exactly this kind of chain in DataEase, an open-source BI platform with over 23,000 GitHub stars. The chain started with CVE-2026-23958, a critical authentication bypass (CVSS 9.8) we disclosed at RSAC 2026. After the conference, we kept pulling the thread.

What we found were three additional vulnerabilities, none of them individually alarming:

  • CVE-2026-40899, CVSS 6.5: JDBC blocklist bypass via a Lombok-generated setter — arbitrary file read, leaked database credentials.

  • CVE-2026-40900, CVSS 8.8: SQL injection in a previewSql endpoint, chained with the blocklist bypass — full read/write access to the application database.

  • CVE-2026-40901, CVSS 8.8: Quartz deserialization. Arbitrary SQL execution overwrites a scheduled job with a Commons Collections gadget chain. When the cron fires — every six minutes — root reverse shell.

The full chain, starting from the authentication bypass, is exploitable without any credentials.


In isolation, some of these vulnerabilities would not even have tripped an alarm. What makes them dangerous is architectural context: understanding how a Lombok annotation interacts with Jackson deserialization, how that enables JDBC parameter injection, how that connects to a SQL endpoint, how that endpoint reaches a Quartz scheduler, and how that scheduler sits on a classpath with a known gadget library. No single-file vulnerability scan sees that picture.

That is precisely what makes it a CoE — a Chain of Exploit that only becomes visible, and dangerous, when read as a whole.

Where offensive capability is actually heading

Independent research from Carnegie Mellon confirms the trajectory. ExploitBench, developed by Seunghyun Lee and Prof. David Brumley, measures not whether an AI agent can find a vulnerability, but how far it can climb the exploitation ladder — from reaching vulnerable code, through triggering the bug, building exploit primitives, all the way to arbitrary code execution against a production JavaScript engine with the security sandbox enabled.

Full arbitrary code execution — the top rung — was reached by exactly two model lines. GPT-5.5 managed it on two CVEs. Mythos managed it on 21 of the 41 tested (51%).

Weaponization — building a working CoE that defeats multiple layers of defense — is still hard and expensive per episode. But the direction is clear, and the gap between finding a vulnerability and chaining it into a working exploit is closing faster than most security programs are built to respond to.

Understanding is key

Much like the difference between data and insight, the CVE era rewarded finding. The Mythos era rewards understanding: Is this function reachable from an external surface? What does the authentication boundary actually protect, and what sits behind it? What libraries share this classpath? What jobs run on a schedule with elevated privilege? Does this medium-severity finding sit at the base of a chain that leads somewhere critical?
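As an added illustration (not OX Security’s tooling or the DataEase advisory’s content), the Python below models the DataEase chain described above as a findings graph and ranks each finding by the worst impact reachable through any externally reachable chain it sits on, rather than by its own CVSS score. The "enables" edges and impact labels are read off the post’s narrative; the scoring rule and the standalone control finding FAKE-0001 are this example’s own constructions.

```python
from collections import namedtuple
# external = reachable with no credentials, i.e. a possible chain entry point.
Finding = namedtuple("Finding", "cve cvss impact external")
# Impact ladder used for ranking; higher is worse. Labels are this example's own.
IMPACT_RANK = {"auth_bypass": 1, "file_read": 2, "db_rw": 3, "rce": 4}

# Nodes: the four DataEase CVEs from the post plus a constructed control finding.
FINDINGS = {f.cve: f for f in [
    Finding("CVE-2026-23958", 9.8, "auth_bypass", True),
    Finding("CVE-2026-40899", 6.5, "file_read", False),
    Finding("CVE-2026-40900", 8.8, "db_rw", False),
    Finding("CVE-2026-40901", 8.8, "rce", False),
    Finding("FAKE-0001", 7.5, "file_read", False),  # constructed, on no chain
]}

# "A enables B" edges, modelled from the post's description of the chain.
ENABLES = {
    "CVE-2026-23958": ["CVE-2026-40899"],
    "CVE-2026-40899": ["CVE-2026-40900"],
    "CVE-2026-40900": ["CVE-2026-40901"],
}

def chains_from(start, graph=ENABLES):
    """Enumerate every simple path that begins at `start` (depth-first)."""
    paths = []
    def walk(node, path):
        path = path + [node]
        paths.append(path)
        for nxt in graph.get(node, []):
            if nxt not in path:  # tolerate cycles in real-world graphs
                walk(nxt, path)
    walk(start, [])
    return paths

def contextual_impact(findings=FINDINGS, graph=ENABLES):
    """Worst impact of any externally reachable chain each finding sits on;
    a finding on no such chain keeps its own, isolated impact."""
    worst = {cve: f.impact for cve, f in findings.items()}
    for entry in (cve for cve, f in findings.items() if f.external):
        for chain in chains_from(entry, graph):
            reached = max((findings[c].impact for c in chain), key=IMPACT_RANK.get)
            for cve in chain:
                if IMPACT_RANK[reached] > IMPACT_RANK[worst[cve]]:
                    worst[cve] = reached
    return worst

def prioritize(findings=FINDINGS, graph=ENABLES):
    """Order by chain context first, raw CVSS second: a medium-CVSS base of a chain to RCE outranks a lone high-CVSS bug."""
    worst = contextual_impact(findings, graph)
    return sorted(findings, key=lambda c: (-IMPACT_RANK[worst[c]], -findings[c].cvss))
```

Run with the page’s graph, CVE-2026-40899 (CVSS 6.5) is ranked above the constructed CVSS 7.5 control because it sits on an unauthenticated chain to root; with the edges removed it falls back to its isolated impact.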

Context is the differentiator. Organizations with the clearest picture of which findings connect to real attacker paths in their specific environment are best armed for what’s to come.

The industry must accept the CVE as a commodity, a necessary baseline. It has been demoted to security metadata: the what, but never the why.

In the Mythos era, if you aren’t defending the chain, you aren’t defending at all.

The post The CVE Is Dead. Long live the Mythos Era. appeared first on OX Security.
