Artificial intelligence already is finding so many flaws in popular technology that the US government is overwhelmed, an issue poised to worsen after Anthropic PBC released an AI model designed to uncover more computer problems.

The National Vulnerability Database, which tracks software bugs in order to help organizations fix them, has added nearly 20,000 flaws to its storehouse in 2026. That's up nearly 33% from the same period last year, according to the National Institute of Standards and Technology.

Cybersecurity personnel in the government and private sector rely on the NVD as the definitive repository of software bugs. Hackers use flaws logged in the database for spying, theft and sabotage. Private sector organizations use the same information to figure out which problems in their technology are most important to fix.

"With large language models, both ethical and malicious hackers are able to discover vulnerabilities more quickly and effectively than before," said Harold Booth, who leads the NVD. "AI's impact on the field is now and will likely remain a very significant factor for some time."

AI is one factor driving the increase, Booth said. Other factors, he said: Software is growing increasingly complex. Technology is shifting to less secure devices. And the number of organizations submitting vulnerabilities is growing.

Humans previously would spend weeks or months trying to find software vulnerabilities, either to launch a hacking spree or to fix the problems before bad guys found them. That suddenly feels like a lifetime ago. AI tools have started autonomously finding those flaws -- sometimes bad ones -- in minutes.

The Zero Day Initiative, a bug tracking program by the security firm Trend Micro, recently received 200 high-severity vulnerabilities in a single week, a ten-fold increase that is "directly the result of AI being used," according to Dustin Childs, head of threat awareness at the Zero Day Initiative.

The increase is likely to accelerate after Anthropic released the Mythos model to a limited set of organizations, encouraging them to use it to scour for software flaws in their systems. JPMorgan Chase & Co. Chief Executive Officer Jamie Dimon said that the bank's initial experimentation with Mythos has already determined that "a lot more vulnerabilities need to be fixed."

The White House's Office of Management and Budget last week informed cybersecurity chiefs across the government that it was moving to provide them with access to some version of Mythos.

The National Institute of Standards and Technology recently announced major changes to how the database prioritizes new bugs. That includes focusing on the most important vulnerabilities -- those that are being actively exploited by hackers, pose a risk to the US government or represent weaknesses in critical software.

The huge influx of bugs is increasingly difficult to fix due to sheer quantity, said Childs. Each tech company still has to go through a process of validation, testing and packaging fixes. That's followed by businesses who have to test every new update on their own systems. The gap between discovering vulnerabilities and actually fixing them opens up a dangerous window that hackers can exploit.

Coming soon: Get the AI Today newsletter -- chronicling the disruptions and threats of AI on businesses, workers, governments and economies with analysis from Bloomberg's global newsroom.

What We Learned This Week

The US is waiting on whether Iran will take part in a second round of talks before a ceasefire expires on Wednesday, with the sides deadlocked on how to end a war that's engulfed the Middle East and triggered a growing energy crisis.

US President Donald Trump said his vice president, JD Vance, is ready to leave for negotiations in Pakistan, but threatened to resume the country's military operation if Iran doesn't make a deal.

For its part, Tehran has yet to confirm its attendance in Islamabad. Parliament Speaker Mohammad Bagher Ghalibaf, who led Iran's delegation during the first round of talks earlier this month, said his country would not "accept negotiations under the shadow of threats."

Bloomberg.com subscribers are invited to nominate candidates for the inaugural VivaTech x Bloomberg Rising Star Award, to be presented in Paris on June 18. Chosen by the Bloomberg subscriber community, the Rising Star Award honors an emerging founder, technologist, academic or creator whose work is already demonstrating meaningful early impact. It celebrates individuals whose ideas, innovation and leadership are helping shape the future of technology. Submit a nomination here.

What We're Reading

How cybercrime became a leading industry in 'Scambodia.'
NSA is using Anthropic's Mythos despite blacklist, according to Axios.
The deepfake nudes crisis in schools is much worse than you thought.
Sam Altman may control our future -- can he be trusted?
How a billionaire owner brought turmoil and trouble to Sotheby's.

Got a News Tip?

You can reach Patrick Howell O'Neill at [email protected]. You can also send us files safely and anonymously using our SecureDrop.

AI is Already Finding Thousands of Software Flaws, Even Before Anthropic's Mythos