The 163 CVEs (Common Vulnerabilities and Exposures) disclosed in Microsoft’s monthly release of security fixes comes amid increasing discoveries of vulnerabilities using AI tools, according to a TrendAI threat tracker.
A “monstrous” total of 163 CVEs received software patches as part of Microsoft’s monthly release of software bug fixes, colloquially known as “Patch Tuesday,” amid a surge in AI-driven vulnerability discovery, TrendAI’s Dustin Childs wrote in a blog post.
[Related: Anthropic Claude Mythos Suggests Vulnerability Management Will Soon ‘Break’: Forrester]
“By my count, this is the second-largest monthly release in Microsoft’s history,” wrote Childs, head of threat awareness at TrendAI.
“There are many things we could speculate on to justify the size, but if Microsoft is like the other programs out there (including ours), they are likely seeing a rise in submissions found by AI tools,” he wrote. “For us, our incoming rate has essentially tripled, making triage a challenge, to say the least.”
CRN has reached out to Microsoft for comment.
The disclosure comes less than a week after Anthropic and vendor collaborators, including Microsoft, released claims touting the ultra-powerful vulnerability discovery capabilities of Anthropic’s unreleased Claude Mythos model. Mythos demonstrates that AI models can now “surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” Anthropic said in a post.
In the wake of the claims by Anthropic and its collaborators, it’s clear that AI could soon totally upend existing vulnerability management practices, Forrester analysts wrote in a post.
Anthropic said it’s taking proactive steps over the potential misuse of the technology with the launch of a new initiative, “Project Glasswing,” which is providing Claude Mythos Preview to Microsoft and other major industry players.
One Exploited Vulnerability
As part of its monthly patch release Tuesday, Microsoft disclosed just one vulnerability that has seen exploitation in cyberattacks.
While it’s unclear how widely the SharePoint Server spoofing vulnerability (tracked at CVE-2026-32201) is being exploited, “I wouldn’t wait to test and deploy this fix – especially if you have internet-connected SharePoint servers,” Childs wrote.
The flaw should be considered an “important” issue and has received a severity rating of 6.5 out of 10.0.
Eight other CVEs disclosed Tuesday by Microsoft, meanwhile, have received “critical” severity ratings.
Seven of the critical flaws are remote code execution vulnerabilities, and impact Microsoft Office, Word, .NET, Remote Desktop Client, Active Directory, Windows Internet Key Exchange and Windows TCP/IP.
