The vulnpocalypse has begun.
Palo Alto Networks, which typically discloses about five vulnerabilities a month, announced Wednesday that it had found 75 security holes, covered by 26 CVEs, after scanning its entire codebase with the latest frontier models, including Anthropic’s Mythos.
The announcement came a day after Microsoft said it had discovered 17 vulnerabilities across its products using a new agentic bug-hunting system called MDASH. The Redmond giant released a record-setting 30 major CVEs on Tuesday.
Additionally, Mozilla announced last week that it fixed 423 Firefox bugs in April, more than five times the 76 fixes issued in March and almost 20 times last year’s monthly average of 21.5. The browser maker previously said Mythos had discovered 271 flaws in Firefox 150.
It shouldn’t be that shocking. Security vendors have long warned that attackers are using AI, and that this means defenders need to operate at AI speeds (i.e., buy products that incorporate AI) to protect their networks and systems.
Now that models have become so good at finding bugs in code, security shops want to use AI to scan their own software and fix flaws before the bad guys find them. In the short term, that means two things: more patches, and more work for administrators.
Dustin Childs, lead vulnerability finder at Zero Day Initiative, agrees with this assessment.
“At first, yes, this means more patches and therefore more work for administrators,” he told The Register. “The long-term goal is to eliminate as many bugs as possible, so over time the number per month will decrease.”
What could make this AI bug-hunting surge “really painful,” he continued, is when a patch doesn’t work, or worse, breaks something.
“Many customers don’t trust patches out of the box, so if an AI-related patch causes a problem, they become less likely to patch over time,” Childs added. “That’s true even if the AI only finds the bugs and doesn’t write the patches.”
Bug hunting on steroids
This is not to say that security companies should avoid AI to find and fix flaws. “Every vendor should use whatever tools they have to find and fix bugs before they can be exploited in the wild,” Childs said. “Ideally, we’d find bugs before shipping, but we’re not holding our breath until that happens.”
Microsoft and Palo Alto Networks (PAN) are both part of Anthropic’s Project Glasswing, meaning they are among a select group of entities allowed to test Mythos, a highly touted LLM, to find security holes in their products.
Palo Alto Networks began testing Mythos on April 7 and has since used the LLM alongside other frontier models, such as Claude Opus 4.7 and OpenAI’s GPT-5.5-Cyber, according to product manager Lee Klarich.
“Today, we announced the May Patch Wednesday security advisory,” Klarich said in a blog post Wednesday, adding: “This is the first time that the majority of our discoveries are the result of frontier AI models scanning our code.”
The LLMs scanned more than 130 Palo Alto Networks products and platforms, finding the aforementioned 75 issues covered by 26 CVEs.
None of these bugs has been exploited, and as of Wednesday the company had fixed all of them in its SaaS offerings and built patches for all customer-operated products.
Possibly five months until AI-driven exploitation is “the new norm”
“We intend to remediate all vulnerabilities found before advanced AI capabilities are widely available to adversaries,” Klarich said in the blog post, adding that the company expects “a narrow three- to five-month window for organizations to outpace adversaries before AI exploits begin to become the new norm.”
A day earlier, Microsoft announced that its new Multi-Model Agent Scanning Harness, codenamed MDASH, had helped researchers discover 16 new vulnerabilities across the Windows networking and authentication stacks, disclosed in May’s Patch Tuesday release. These included four critical remote code execution flaws in components such as the Windows kernel TCP/IP stack and the IKEv2 service.
“Unlike single-model approaches, this harness orchestrates more than 100 specialized AI agents across an ensemble of frontier and distilled models to discover, discuss, and prove exploitable bugs end-to-end,” Taesoo Kim, Microsoft vice president of agent security, said in a blog post on Tuesday.
Tom Gallagher, vice president of engineering for the Microsoft Security Response Center, acknowledged that “this month’s releases are among the larger hotpatch months.” Gallagher said he expects AI-assisted bug hunting to increase Patch Tuesday releases, as both Microsoft and third-party researchers use these tools to expedite vulnerability discovery.
And yes, all of this ultimately means more patches and more work.
More patches = more work
“Finding bugs has always been the cheap end of the pipeline,” Luta Security CEO Katie Moussouris told The Register. “Triage, disclosure, building a non-disruptive patch, and getting customers to adopt it are the expensive end of the pipeline, and no one is funding that volume.”
Moussouris helped convince Microsoft that it needed a bug bounty program in 2013, and three years later founded her own bug bounty consulting firm.
She noted Palo Alto Networks’ eye-popping jump in CVEs this month. “When you multiply this across all vendors, the bottleneck becomes the administrators and the vulnerability management teams,” Moussouris said.
She also emphasized that defenders should be using these new models to find vulnerabilities. “That’s exactly what a defender should do,” Moussouris said.
“PAN and Microsoft both arrived at the same answer. No single model can tell you everything. PAN ran Claude Mythos, Claude Opus 4.7, and GPT-5.5-Cyber because each finds bugs that the other model misses,” she added.
“Microsoft has more than 100 specialized agents across multiple models. When threat intelligence and codebase context are added, Microsoft rediscovers 96 percent of the bugs seen in critical Windows components over a five-year period. This asymmetry is temporary, and with PAN putting adversary parity at three to five months, vendors who aren’t scanning their code now will be relying on someone else to find their bugs first.” ®
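The pattern both vendors landed on, that no single model finds everything so you run an ensemble and take the union of its findings, can be sketched in a few lines of Python. The model names and CVE labels below are purely illustrative, not from either vendor’s pipeline:

```python
# Illustrative sketch: why vendors scan the same code with several models.
# Each model catches bugs the others miss, so the useful output is the
# union of all findings, plus a view of what each model uniquely caught.

findings = {
    "model_a": {"CVE-A", "CVE-B"},
    "model_b": {"CVE-B", "CVE-C"},
    "model_c": {"CVE-C", "CVE-D"},
}

# All distinct bugs found by the ensemble.
union = set().union(*findings.values())

# Bugs only one model found -- the reason single-model scans fall short.
unique = {
    model: bugs - set().union(*(b for m, b in findings.items() if m != model))
    for model, bugs in findings.items()
}

print(sorted(union))                          # every distinct finding
print({m: sorted(b) for m, b in unique.items()})  # per-model exclusives
```

In this toy run the ensemble surfaces four distinct CVEs, while model_a and model_c each contribute a bug nobody else saw; dropping either model shrinks the union, which is the asymmetry the quote describes.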
