Source ledger checked May 8, 2026

Bug discovery is inflating.

The public record is small. The signal is real.

Bugflation is the gap between AI-accelerated vulnerability discovery and the slower human systems that validate, patch, and deploy fixes. We track real advisories, real CVEs, named AI systems, and attribution labels you can audit. CopyFail (CVE-2026-31431) is the case that made the term unavoidable.

  • 34 public entries in the source ledger
  • 149 CVE IDs explicitly tracked
  • 31 critical or high-impact entries
  • 139 primary and corroborating source links

01 - The thesis

The scarce resource is moving from finding bugs to handling findings.

AI-assisted systems are starting to show up in accepted disclosure workflows. The right response is not panic or dismissal; it is better intake, faster validation, and patch pipelines that can absorb the new volume.

Discovery is cheaper

CopyFail, Big Sleep, AISLE, Claude, Security Copilot, XBOW, and bug-bounty Hackbots show different versions of the same economic shift: more vulnerability hypotheses can be generated and tested per unit of expert time.

Attribution is uneven

Some advisories directly name an AI system. Others rely on an operator write-up plus a public CVE. The index labels that difference instead of hiding it in a single score.

Validation is the tax

More reports are not automatically more security. Maintainers need reproducible evidence, duplicate detection, exploitability review, and regression tests to turn claims into shipped fixes.

Patch capacity is strategy

The teams that handle bugflation well will not be the ones that find the most issues. They will be the ones that close the loop from credible report to deployed patch fastest.

02 - Credited systems

Named systems in the public record.

These are not model leaderboards. They are evidence profiles for systems that appear in public vulnerability-discovery workflows.

Google DeepMind / Project Zero (AI agent)

Google Big Sleep

The first public AI vulnerability-research agent with accepted real-world findings across SQLite, Chrome V8, and Apple WebKit.

  • Indexed entries: 6
  • CVE IDs tracked: 10
  • Critical/high entries: 5

Microsoft Autonomous Code Security (Platform)

Microsoft MDASH

Microsoft's multi-model agentic scanning harness, credited by Microsoft with 16 public CVEs across Windows networking and authentication code.

  • Indexed entries: 1
  • CVE IDs tracked: 16
  • Critical/high entries: 1

AISLE (Platform)

AISLE

An autonomous security analyzer with a sustained OpenSSL disclosure record and a FreeBSD core advisory batch spanning dhclient RCE, dhclient memory corruption, and libnv stack corruption.

  • Indexed entries: 2
  • CVE IDs tracked: 23
  • Critical/high entries: 2

Anthropic and collaborators (AI agent)

Claude / Anthropic Research

Public Claude-assisted disclosure credits outside the Mythos-only record, including Firefox, FreeBSD follow-ups, NGINX, wolfSSL, and Apache ActiveMQ.

  • Indexed entries: 4
  • CVE IDs tracked: 40
  • Critical/high entries: 4

Anthropic / Project Glasswing (AI agent)

Claude Mythos Preview

Anthropic's restricted cyber-capable frontier model, publicly tied to FreeBSD RCE, Firefox 150 hardening, and Project Glasswing.

  • Indexed entries: 2
  • CVE IDs tracked: 4
  • Critical/high entries: 2

Theori / Xint (Platform)

Xint Code

The AI-assisted vulnerability research system credited in CopyFail, with a broader public tracker spanning CVE-backed and embargoed findings.

Xint public bug tracker: 50 tracker findings

  • Indexed entries: 2
  • CVE IDs tracked: 8
  • Critical/high entries: 2

Bynario (Platform)

BynarIO AI

Bynario's AI-driven vulnerability-research pipeline, with direct Apple and Linux upstream credits across binary analysis, kernel discovery, validation, and patching.

  • Indexed entries: 3
  • CVE IDs tracked: 3
  • Critical/high entries: 2

Zellic AI / V12 (Platform)

V12

Zellic's agentic security platform, now publicly tied to Fragnesia, CVE-2026-46300, a Linux kernel page-cache local privilege escalation.

  • Indexed entries: 1
  • CVE IDs tracked: 1
  • Critical/high entries: 1

Striga / ISEC (Platform)

Striga AI

Striga's AI-based source-code auditing platform, with public CVE credits and research write-ups across Apache httpd, Tomcat, Ollama, axios, and Mattermost Desktop.

  • Indexed entries: 1
  • CVE IDs tracked: 1
  • Critical/high entries: 1

ZeroPath (Platform)

ZeroPath AI SAST

ZeroPath's AI-native SAST and security-research workflow, with public CVE-backed and upstream-patched findings across ProFTPD, Spinnaker, better-auth, FFmpeg, sudo, and other open-source projects.

  • Indexed entries: 6
  • CVE IDs tracked: 5
  • Critical/high entries: 6

XBOW (Platform)

XBOW

An autonomous AI-driven penetration-testing platform with public bug-bounty milestones and self-reported Microsoft critical RCE credits.

  • Indexed entries: 3
  • CVE IDs tracked: 3
  • Critical/high entries: 3

Google Open Source Security Team (Platform)

Google OSS-Fuzz AI

LLM-enhanced fuzz-target generation and triage inside Google's OSS-Fuzz ecosystem.

  • Indexed entries: 1
  • CVE IDs tracked: 1
  • Critical/high entries: 0

Microsoft Threat Intelligence (AI agent)

Microsoft Security Copilot

Microsoft's AI security assistant, publicly tied to a GRUB2, U-Boot, and Barebox bootloader vulnerability campaign.

  • Indexed entries: 1
  • CVE IDs tracked: 20
  • Critical/high entries: 1

OpenAI (AI agent)

OpenAI Aardvark / Codex Security

OpenAI's agentic security researcher, now surfaced as Codex Security with public OSS CVE examples.

  • Indexed entries: 1
  • CVE IDs tracked: 14
  • Critical/high entries: 1

HackerOne ecosystem (Policy)

HackerOne Hackbots

The policy layer around AI-assisted vulnerability discovery: human-in-the-loop rules, accountable operators, and bounty eligibility.

  • Indexed entries: 0
  • CVE IDs tracked: 0
  • Critical/high entries: 0

The evidence index is editorial: direct upstream credits score higher than self-reported attribution. It is not a model capability benchmark. Read the methodology.

03 - Latest findings

Real entries, source links first.

Every finding page includes an attribution label and references. Direct upstream credits and self-reported AI attribution are intentionally kept separate.

CVE-2026-46300 - Fragnesia: V12-assisted Linux kernel page-cache LPE (severity: high)

V12's public PoC and write-up say Fragnesia, CVE-2026-46300, was discovered with V12 by William Bowling and the V12 team; distro trackers and kernel patch mail corroborate the Linux XFRM ESP-in-TCP local-root vulnerability.

Attribution: direct source attribution

CVE-2026-33827 + 15 more - Microsoft MDASH publishes 16 Windows networking and authentication CVEs (severity: critical)

Microsoft says its multi-model agentic scanning harness, codename MDASH, helped researchers find 16 CVEs across Windows networking and authentication code, including four Critical remote code execution flaws.

Attribution: direct source attribution

CVE-2026-31532 - Bynario AI assists Linux CAN raw socket UAF fix (severity: high)

Bynario says its LLM-driven pipeline discovered, validated, and patched CVE-2026-31532, a Linux kernel CAN raw socket use-after-free; the upstream Linux commit carries the trailer "Assisted-by: Bynario AI".

Attribution: direct source attribution

CVE-2026-39816 - ZeroPath finds Apache NiFi Execute Code permission bypass (severity: high)

ZeroPath Research disclosed an Apache NiFi authorization flaw where users without EXECUTE_CODE can run code through TinkerpopClientService when optional graph extensions are installed.

Attribution: self-reported attribution

CVE-2026-23918 - Striga says its Apache httpd scan surfaced CVE-2026-23918 (severity: high)

Striga says an open-weights model scan costing under $100 surfaced the Apache HTTP Server 2.4.66 mod_http2 double-free behind CVE-2026-23918; Apache credits Bartlomiej Dmitruk (striga.ai) and Stanislaw Strzalkowski (isec.pl) as finders.

Attribution: self-reported attribution


04 - Timeline

The public milestones are concrete.

Nov 2024

Google says OSS-Fuzz AI found CVE-2024-9143 in OpenSSL

LLM-generated fuzz targets produce a 26-vulnerability OSS-Fuzz milestone, anchored by OpenSSL.

Nov 2024

Big Sleep publishes the first public real-world AI-agent vulnerability finding

Project Zero describes an exploitable SQLite stack buffer underflow found before release.

Feb 2025

HackerOne formalizes rules for AI-assisted bug hunting

The Hackbots policy puts human validation, scope compliance, and operator accountability on record.

Mar 2025

Microsoft Security Copilot enters the bootloader record

Microsoft describes a 20-CVE GRUB2, U-Boot, and Barebox campaign accelerated by Security Copilot.

Jul 2025

Google says Big Sleep helped cut off imminent SQLite exploitation

CVE-2025-6965 becomes the clearest public case of AI-assisted discovery paired with threat intelligence.

Jan 2026

AISLE turns OpenSSL into a sustained autonomous-analysis benchmark

AISLE reports 20 OpenSSL CVEs across three coordinated releases, with accepted fixes on many entries.

Mar 2026

Claude-assisted Firefox credits appear at browser scale

Anthropic and Mozilla document Firefox 148 findings, with Mozilla advisories crediting Claude across CVEs.

Mar 2026

XBOW reports autonomous critical Microsoft RCE findings

Microsoft/NVD records confirm critical CVEs; XBOW supplies the AI-attribution claim.

Apr 2026

CopyFail turns bugflation into a concrete kernel-security story

Xint Code scales an AF_ALG/page-cache insight from Taeyang Lee across the Linux crypto subsystem and surfaces CVE-2026-31431.

Apr 2026

ZeroPath publishes critical Spinnaker and ProFTPD findings

ZeroPath Research adds a self-reported AI-assisted trail for three CVE-backed RCE or RCE-adjacent findings across deployment and FTP infrastructure.

Apr 2026

AISLE expands from OpenSSL into FreeBSD core

FreeBSD credits AISLE Research Team for dhclient RCE, dhclient heap corruption, and libnv stack corruption advisories in the April 29 release.

May 2026

Striga publishes Apache httpd scan details

Striga says an open-weights scan costing under $100 surfaced CVE-2026-23918; Apache credits Dmitruk/striga.ai and Strzalkowski/isec.pl.

May 2026

Bynario AI enters the Linux kernel record

Linux commits for CVE-2026-31532 and CVE-2026-31694 carry Assisted-by: Bynario AI; the CAN write-up details discovery, validation, and patching.

05 - Analysis

Short, sourced, operational.


06 - What to do

Make the patch path as scalable as the search path.

01 - Require reproducibility.

AI-assisted reports should arrive with affected versions, input, expected result, actual result, and a minimized proof path. Reject vibes, reward evidence.

02 - Track attribution honestly.

Separate upstream credit, self-reported tool usage, and secondary reporting. The distinction makes the data stronger, not weaker.

03 - Budget for triage.

More submissions mean more validation work. Invest in duplicate detection, maintainer playbooks, and regression tests before the queue spikes.

04 - Use the same leverage.

Run guided variant analysis after every serious fix. Attackers will search nearby code. Defenders should search it first.