AI Companies Like OpenAI and Anthropic to Play Bigger Role in CVE Program, Says CISA

The world’s largest vulnerability disclosure scheme is opening its doors wider to artificial intelligence firms. According to a senior leader at the US Cybersecurity and Infrastructure Security Agency (CISA), AI companies like OpenAI and Anthropic should take on a more prominent role in software vulnerability disclosures. This call comes as the Common Vulnerabilities and Exposures (CVE) program braces for an unprecedented surge in reported flaws, driven partly by AI-powered discovery tools.

Speaking at VulnCon26 in Scottsdale, Arizona, Lindsey Cerkovnik, chief of CISA’s Vulnerability Response and Coordination (VRC) Branch, emphasized that AI companies “should be better represented” within the CVE program. As the sole sponsor of the MITRE-run initiative, CISA manages coordinated vulnerability disclosures for thousands of organizations worldwide. Cerkovnik acknowledged that the program has experienced rapid growth in reported vulnerabilities over the past year, and the evolution of AI platforms will likely accelerate that trend. “With the arrival of new AI tools, some helping discover valid vulnerabilities, others perhaps finding things with less value, we’re at a turning point,” she said.

Why AI Companies Are Key to Vulnerability Disclosures

The push for AI companies to join the CVE program comes at a critical moment. Just days before Cerkovnik’s speech, Anthropic launched Claude Mythos Preview, a large language model (LLM) designed to autonomously find and fix cybersecurity vulnerabilities at scale. Currently available only to the 40 members of Project Glasswing, the model allegedly discovered thousands of zero-day vulnerabilities during testing, including several in the Linux kernel that could allow attackers to escalate from ordinary user access to complete control of a machine.

Similarly, OpenAI released GPT-5.4-Cyber on April 14, a version of its GPT-5.4 model fine-tuned for cybersecurity use cases and available exclusively to members of its “Trusted Access for Cyber Defense” program. These developments highlight the growing role of AI in vulnerability research. However, researchers at the UK’s AI Security Institute (AISI) noted that after testing Mythos Preview, they “cannot say for sure” whether it would successfully attack “well-defended systems.” This caution underscores the need for responsible disclosure practices.

CVE Program Faces Record Growth in 2026

The CVE program already counts 327,000 unique records to date, and the pace of disclosures is accelerating. Jerry Gamblin, principal engineer at Cisco Threat Detection and Response, observed that 18,247 vulnerabilities were reported in the first quarter of 2026 alone, a 27.9% increase from the same period in 2025. On average, 174 CVEs are reported daily this year, compared to 132 in 2025.

In February 2026, the Forum of Incident Response and Security Teams (FIRST), which co-hosts VulnCon with the CVE program, forecast a record-breaking 50,000 additional CVEs in 2026. Gamblin expects even higher numbers, predicting 70,135 CVEs by year’s end, a 45.6% growth rate from 48,171 in 2025. This surge is partly driven by AI tools that can identify vulnerabilities faster than traditional methods. Therefore, integrating AI companies into the CVE program could help manage this influx more effectively.

AI Companies as Official Vulnerability Reporters

Cerkovnik’s call for closer integration aligns with the CVE program’s broader diversification strategy. In July 2025, the program launched two new forums: the CVE Consumer Working Group (CWG) and the CVE Researcher Working Group (RWG). One key objective is to increase the number of CVE Numbering Authorities (CNAs)—organizations authorized to publicly disclose vulnerabilities and assign CVE identifiers. As of March 2026, the program has over 500 contributors, with 502 CNAs registered.

Diversification also means internationalization, with more European-based CNAs expected to be vetted in the future, according to Nuno Rodrigues Carvalho, head of sector for Incidents and Vulnerability Services at the European Cybersecurity Agency (ENISA). His colleague, Johannes Kaspar Clos, a responsible disclosure expert at ENISA, said he would welcome AI companies becoming CNAs. “We need to include a diverse crowd of cybersecurity practitioners, from product and national CERTs and CSIRTs to researchers and vulnerability finders. Anthropic is one example of a company who identified vulnerabilities and therefore, is of course rightfully mentioned in being a potential CNA,” Clos explained.

However, Clos expressed caution about the speed of AI tool launches. While he welcomed Claude Mythos and similar tools, he said he would have preferred their capabilities to be disclosed “before the products are pushed to the market.” He added, “Security testing should be implemented before users are put at risk.” This sentiment reflects a broader need for responsible innovation in AI-powered vulnerability research.

CISA’s Commitment to the CVE Program

Cerkovnik reaffirmed that the CVE program is “a top priority” for CISA and the US Department of Homeland Security (DHS). She assured that funding for the program is secure, stating, “Contracts and funding for the CVE program are secure. Funding has never been an issue.” However, she noted that DHS remains technically in a shutdown situation, which complicates decision-making at CISA, including spending on outreach activities like her attendance at VulnCon.

Building on this, the CVE program’s expansion to include AI companies could help address the growing volume of vulnerabilities while ensuring responsible disclosure practices. As the cybersecurity landscape evolves, collaboration between traditional vulnerability researchers and AI firms will become increasingly important. For more on CISA’s roadmap, read CISA Launches Roadmap for the CVE Program.

In conclusion, the integration of AI companies into the CVE program represents a natural evolution for the vulnerability disclosure ecosystem. With record-breaking numbers of CVEs expected in 2026, and AI tools capable of discovering flaws at an unprecedented scale, the time is ripe for these firms to become official partners. The challenge will be balancing speed with security, ensuring that innovation does not come at the cost of user safety. For more insights on AI’s role in cybersecurity, check out AI-Powered Vulnerability Research Trends.

Critical Nginx-ui MCP Flaw Actively Exploited in the Wild

A critical nginx-ui MCP flaw is being actively exploited, putting thousands of servers at risk. Tracked as CVE-2026-33032, this authentication bypass vulnerability carries a CVSS score of 9.8, making it one of the most severe threats currently facing system administrators. Discovered by Pluto Security, the flaw allows any network-adjacent attacker to take full control of an nginx server through a single unauthenticated API request.

Understanding the Nginx-ui MCP Flaw: Root Cause and Impact

So, what exactly went wrong? The vulnerability stems from a missing function call in the Model Context Protocol (MCP) implementation. Nginx-ui recently added MCP support, which splits communication across two HTTP endpoints. The /mcp endpoint properly includes both IP whitelisting and authentication middleware. However, the /mcp_message endpoint—which processes every tool invocation, including configuration writes and server restarts—shipped without any authentication check.

This omission exposes 12 MCP tools to unauthenticated callers. Seven of these are destructive, enabling attackers to inject nginx configurations, reload the server, and intercept all traffic passing through it. The remaining five provide reconnaissance capabilities, such as reading existing configs and mapping backend infrastructure. In other words, an attacker can silently take over your server and spy on your traffic.

Why This Nginx-ui MCP Flaw Demands Immediate Action

VulnCheck has already added the flaw to its Known Exploited Vulnerabilities (KEV) list. Meanwhile, Recorded Future’s Insikt Group independently flagged it in a recent report as one of 31 high-impact vulnerabilities exploited during March 2026, assigning it a risk score of 94 out of 100. These endorsements underscore the severity of the threat.

Pluto Security’s researchers used Shodan to identify over 2,600 publicly reachable nginx-ui instances across cloud providers including Alibaba Cloud, Oracle, and Tencent. Most were running on the default port 9000. The tool’s Docker image has been pulled more than 430,000 times, suggesting a much larger population of potentially vulnerable deployments sitting behind firewalls. Therefore, the actual number of at-risk instances could be significantly higher.

What Makes This Vulnerability Particularly Dangerous

This is the second MCP vulnerability Pluto Security has disclosed in recent weeks, following MCPwnfluence, an SSRF-to-RCE chain in the Atlassian MCP server. Both cases expose a recurring weakness: when MCP is connected to existing applications, its endpoints often inherit full capabilities without inheriting any of the security controls. As a result, a single missing check can compromise an entire system.

How to Protect Your Servers from the Nginx-ui MCP Flaw

The nginx-ui maintainers released a patch in version 2.3.4 just one day after disclosure. The fix amounted to 27 characters of added code, along with a regression test to prevent the same oversight from recurring. Organizations running nginx-ui with MCP enabled should take immediate action:

• Update to version 2.3.4 or later without delay.
• If patching is not possible, disable MCP functionality entirely.
• Restrict network access to the management interface using firewalls or VPNs.
• Review server logs and configuration directories for any unauthorized changes.

For more on securing your infrastructure, check out our guide on how to secure your nginx servers. Additionally, you may want to read about MCP security best practices to avoid similar pitfalls.

Conclusion: Act Now Before the Nginx-ui MCP Flaw Hits Your Network

Given the active exploitation and high CVSS score, this is not a vulnerability you can afford to ignore. The nginx-ui MCP flaw represents a clear and present danger to any organization using this popular web interface. By patching immediately, restricting access, and reviewing your logs, you can mitigate the risk. Remember, in the world of cybersecurity, a single missing line of code can open the door to disaster.

Vercel reveals customer data was stolen before its recent hack — and the breach may be bigger

App and website hosting powerhouse Vercel has disclosed that hackers managed to steal some of its customers’ data before the company discovered a major breach in early April. The revelation suggests the incident is more serious than first reported.

In an updated security notice, Vercel said its expanded investigation uncovered evidence of malicious activity on its network that predates the April intrusion. The company now believes a small number of customer accounts were compromised through social engineering, malware, or other tactics — separate from the main attack.

The Vercel customer data stolen in two waves

Vercel initially reported that its internal systems were breached after an employee downloaded an app from startup Context AI. Hackers exploited that app to hijack the employee’s work account and then infiltrate Vercel’s network.

However, the latest update indicates the Vercel data breach may have been ongoing longer than first thought. The company confirmed it found additional customer accounts compromised during the April incident, though it declined to specify how many or how far back the earlier breach dates.

“We have uncovered a small number of customer accounts with evidence of prior compromise that is independent of and predates this incident, potentially as a result of social engineering, malware, or other methods,” the company stated.

CEO links breach to infostealer malware

Vercel CEO Guillermo Rauch took to X to confirm that the hackers behind the attack have been active “beyond that startup’s compromise,” referring to Context AI, which itself confirmed a breach this week. Rauch pointed to early signs that the attackers relied on malware designed to steal valuable tokens — including keys to Vercel accounts and other services.

This behavior aligns with information-stealing malware, or infostealers, which often disguise themselves as legitimate software. Once installed, these programs collect and upload sensitive secrets from the victim’s computer, such as passwords and private keys, granting hackers access to any system those keys unlock.

“Once the attacker gets ahold of those keys, our logs show a repeated pattern: rapid and comprehensive API usage, with a focus on enumeration of non-sensitive environment variables,” Rauch explained.

The hackers used the hijacked Vercel employee’s account to reach internal systems, including customer credentials that were stored without encryption. This means the Vercel customer data stolen could include sensitive login information.

Context AI and the infostealer connection

Rauch’s comments add weight to earlier reports from security researchers that a Context AI employee’s computer was infected with infostealer malware after allegedly searching for Roblox game cheats. TechCrunch also reported that compliance startup Delve, accused of faking customer data, handled security certifications for Context AI.

Neither Vercel nor Context AI has confirmed the total number of affected customers. Both companies have warned that the breach may impact more organizations, and that additional victims could emerge in the coming weeks.

What this means for Vercel users

If you host applications or websites on Vercel, this incident underscores the importance of rotating API keys, enabling multi-factor authentication, and monitoring account activity for unusual behavior. Vercel has notified customers known to be affected so far, but the full scope remains unclear.

For a deeper look at how hosting providers handle security incidents, check out our guide on cloud hosting security best practices. You might also want to review how to rotate API keys safely to protect your own projects.

As investigations continue, the Vercel data breach serves as a stark reminder that even major platforms can fall victim to sophisticated malware campaigns. Stay vigilant, and consider infostealer malware protection tips to safeguard your credentials.