AI companies have been making bold claims about their models' ability to find software vulnerabilities. Epoch AI just built the tool to check whether those claims are bearing out in public data. The research organization launched its Cyber Vulnerabilities Explorer, a free interactive dashboard that visualizes every Common Vulnerability and Exposure (CVE) reported to the CVE Program since 2022 , and the chart tells a striking story.

What it is and how to use it

The explorer pulls from the CVE Program's public repository and lets you slice the data in several useful ways:

• Filter by all reporting organizations or zoom into 21 notable vendors and open-source projects, including Microsoft, Google, Apple, Linux, Mozilla, and Apache
• Break down disclosures by CVSS severity level: Critical (9.0–10.0), High (7.0–8.9), Medium, Low, and Unknown
• Switch between weekly, monthly, and quarterly views, with optional trend lines
• Overlay key AI milestones directly on the chart , including the announcement of Claude Mythos Preview
• View individual High and Critical CVE records from notable vendors in a table view, each linking back to its official CVE entry

It's free, requires no login, and the underlying data is available for download under a Creative Commons Attribution license. If you want to cite it, Epoch AI provides both a standard citation and a BibTeX entry on the page.

The spike that prompted the tool

The explorer visualizes the announcement date of Claude Mythos Preview (April 7, 2026), which coincided with a large jump in the number of new vulnerability reports. That jump is not subtle. Chrome reported a 563.2% increase in disclosure volumes year-to-date, VMware a 180.9% jump, and Apache 170.3%. GitHub CVE issuance is also up significantly year-to-date (+476%), with GitHub indicating the increase is spread across many reporters and projects rather than concentrated in one source.

The backdrop matters here. The cumulative drift in CVE volume is currently +46.3% above the original forecast for 2026, an excess of 6,420 CVEs, leading to a revised 2026 projection of roughly 68,000 CVEs. AI-assisted discovery has increased the chances that we see what many people would consider an extreme number of vulnerabilities this year.

What caused the surge: Anthropic's Project Glasswing

The proximate cause of the sharpest uptick is Project Glasswing, Anthropic's coordinated vulnerability disclosure initiative powered by Claude Mythos Preview , an unreleased frontier model that Anthropic has declined to make publicly available. Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.