The AI CVE surge: By the numbers
AI CVEs in 2025 +34.6% YoY
Projected AI CVEs in 2026
AI CVEs rated high/critical
Agentic AI CVE growth YoY
The gap between discovery and remediation is the new battleground
AI is driving a generational shift in cyber defense, expanding the attack surface while accelerating vulnerability discovery for defenders and adversaries alike.
The critical challenge is bridging the gap between what's found and what's fixed before adversaries exploit it. With AI CVEs growing 34.6% year-over-year and production environments perpetually exposed, your security teams need a VulnOps strategy that converts intelligence into protection.
TrendAI Vision One™ enables you to bring together TrendAI™ Research, TrendAI™ Zero Day Initiative™ (ZDI), and TrendAI™ AI-Enhanced Security, Intelligence, and Research (AESIR) to operationalize the full spectrum of vulnerability intelligence. Combine human expertise with AI-powered insights to help your teams understand what matters. Prioritize what's exploitable and take faster, more informed action to reduce exposure across hybrid environments, including through capabilities like virtual patching.
"AI is dramatically accelerating vulnerability discovery, but remediation timelines haven't kept pace. Our collaboration with Anthropic ensures that organizations get the best vulnerability threat intelligence and the ability to reduce risk across their environments before attacks take place."
"By using Claude to power TrendAI Vision One™ and initiatives like TrendAI™ ZDI and Pwn2Own™, TrendAI™ is advancing the next iteration of vulnerability discovery and reporting, and tilting the scales toward defenders."
Section 1 - Column 3. Praesent non velit ut libero
condimentum pulvinar sed vitae tellus.
Vestibulum
id tristique elit. Suspendisse posuere rutrum
sodales. Nam id elit ac sem iaculis lacinia
posuere vitae metus.
Section 1 - Column 4. Praesent non velit ut libero
condimentum pulvinar sed vitae tellus.
Vestibulum
id tristique elit. Suspendisse posuere rutrum
sodales. Nam id elit ac sem iaculis lacinia
posuere vitae metus.
The TrendAI™ VulnOps Model
TrendAI™ allows you to close the gap between vulnerability discovery and protection through a connected model: threat research to understand the landscape, AESIR to accelerate discovery, TrendAI™ ZDI to validate and disclose findings, and TrendAI Vision One™ to operationalize protection.
The framework below shows how those capabilities work together so you can turn intelligence into action across the vulnerability lifecycle.
TrendAI™ Research: Adversary intelligence
Two decades tracking the world's threat actors, including nation-state groups, ransomware crews, and supply-chain operators across one of the largest telemetry footprints on the planet. The intelligence layer that informs every target AESIR investigates.
AESIR: AI-speed vulnerability discovery
Our TrendAI™ agentic research platform, powered by Anthropic Claude Opus 4.7, reasons like an attacker to find zero-days at machine speed, determining what's reachable, controllable, and exploitable. Scan entire codebases in hours instead of weeks.
TrendAI™ ZDI: Coordinated disclosure
The world's largest vendor-agnostic bug bounty and vulnerability disclosure program. Human experts manage responsible disclosure end-to-end. Our TrendAI™ ZDI critical-severity discovery rate is 2× the industry average.
TrendAI Vision One™: Operationalized defense
Industry-leading AI security platform. Maps attack paths, prioritizes real-world risk, and deploys virtual patching across hybrid environments, so you can reduce exposure while your security teams prepare fixes.
TrendAI™ ZDI AI critical rate vs. industry: 23% vs. 11.1% average for all AI CVEs.
Fortune 500s using TrendAI™ stop threats up to three months earlier than industry peers.
Fault lines in the AI ecosystem
The TrendAI™ State of AI Security Report documents the most comprehensive picture of AI's expanding attack surface. The shift from infrastructure to application-layer vulnerabilities signals a new phase, as attackers are following AI adoption into production.
MCP server CVEs in 2025
Brand-new attack surface. Over 60% are injection vulnerabilities. Expected to grow between 89% and 195% in 2026.
Agentic AI CVE growth
From 74 to 263 CVEs year-over-year, the fastest-growing AI attack category. Novel privilege escalation and prompt injection risks.
GPU and AI hardware
3,127 CVEs total. NVIDIA accounts for 43% of TrendAI™ ZDI AI cases. Critical CVSS 9.8 RCE discovered in Isaac GR00T.
AI supply chain severity
Highest concentration of high and critical CVEs. APT28-linked malware uses Hugging Face APIs to generate payloads at runtime.
Total AI CVEs (2018 – 2025)
Out of 330,239 total CVEs tracked. AI's share reached 4.42% in 2025, the highest ever recorded.
AI infrastructure at stake
Global AI spend projected to exceed $2 trillion by 2026. Enterprise GenAI tripled to $37B in 2025.
Modern SIEM. Without the legacy baggage.
- Onboard data in hours, not weeks, for streamlined threat detection and response
- Get off the rule-writing treadmill with AI-built detections
- Simplified management with built-in orchestration and no add-ons
- Reduce costs with predictable pricing and no log tax surprises
Section 2 - Column 3. Praesent non velit ut libero
condimentum pulvinar sed vitae tellus.
Vestibulum
id tristique elit. Suspendisse posuere rutrum
sodales. Nam id elit ac sem iaculis lacinia
posuere vitae metus.
Section 2 - Column 4. Praesent non velit ut libero
condimentum pulvinar sed vitae tellus.
Vestibulum
id tristique elit. Suspendisse posuere rutrum
sodales. Nam id elit ac sem iaculis lacinia
posuere vitae metus.
Everything you need to navigate the frontier era
Outpace the attackers. Arm yourself and your customers with the full TrendAI™ body of work
on AI-powered vulnerability operations.
Mythos Raises the Stakes: A VulnOps Strategy That Wins the Game
Learn how the Mythos era has reshuffled the vulnerability operations playbook. TrendAI™ experts break down AI-accelerated discovery, real-world risk prioritization, and how defenders can operationalize intelligence faster than attackers can exploit it.
News release
TrendAI™ Deploys Claude Opus 4.8 to Advance Vulnerability Detection and Risk Mitigation
Through the initiative, TrendAI™ is trailblazing AI security capabilities including understanding context, exploitability, business impact, and remediation.
News release
TrendAI™ Partners with Anthropic to Extend Leadership in AI Security
TrendAI™ embeds Claude across its platform to power agentic workflows, automation, AI-native security operations, and threat research, covering the full AI security lifecycle from discovery to defense.
Threat research blog
Introducing AESIR: Finding Zero-Day Vulnerabilities at the Speed of AI
Deep dive into how AESIR finds zero-days at AI speed and how our TrendAI™ ZDI team discovered a CVSS 9.8 RCE in NVIDIA Isaac GR00T and 21 CVEs across AI-production infrastructure.
Security report
Fault Lines in the AI Ecosystem: TrendAI™ State of AI Security Report
6,086 AI CVEs analyzed. 2,130 disclosed in 2025 alone. MCP servers, agentic AI, and AI supply chains are the fastest-growing attack surfaces. Essential reading for every security and risk leader.
Section 3 - Column 3. Praesent non velit ut libero
condimentum pulvinar sed vitae tellus.
Vestibulum
id tristique elit. Suspendisse posuere rutrum
sodales. Nam id elit ac sem iaculis lacinia
posuere vitae metus.
Section 3 - Column 4. Praesent non velit ut libero
condimentum pulvinar sed vitae tellus.
Vestibulum
id tristique elit. Suspendisse posuere rutrum
sodales. Nam id elit ac sem iaculis lacinia
posuere vitae metus.
How we got here: 90 days from intent to production
January 2026
AESIR publicly launched
TrendAI™ introduces AESIR, our AI security research platform for AI-speed vulnerability discovery, since mid-2025.
March 2026
State of AI Security Report released
TrendAI™ publishes Fault Lines in the AI Ecosystem, the most comprehensive analysis of the AI CVE landscape, forecasting 2,800–3,600 AI CVEs in 2026.
April 15, 2026
Strategic partnership announced
TrendAI™ and Anthropic announce a strategic engagement, embedding Claude models across our TrendAI™ platform for agentic workflows, automation, and AI-native security operations.
April 30, 2026
Claude Opus 4.7 in production
TrendAI™ and Anthropic advance AI-powered vulnerability detection with Claude Opus 4.7, participating in Anthropic's Cyber Verification Program for frontier AI model access in defensive security.
May 21, 2026
Mythos VulnOps webinar live demo
TrendAI™ experts demonstrate the full VulnOps strategy live, from AESIR discovery through TrendAI Vision One™ risk operationalization. Watch the on-demand demo session.
May 28, 2026
TrendAI™ deploys Claude Opus 4.8 to Advance Vulnerability Detection and Risk Mitigation
“Frontier AI and virtual patching help teams understand risk, prioritize what matters, and respond faster.”
June 3, 2026
TrendAI™ Joins Anthropic's Project Glasswing
TrendAI™ announced its participation in Project Glasswing, an initiative focused on helping organizations identify and address vulnerabilities in critical software systems.
2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP) Named a Leader for Endpoint Protection Platforms for the 19th time in a row
Read more →
2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP) Named a Leader for Endpoint Protection Platforms for the 19th time in a row
Read more →
2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP) Named a Leader for Endpoint Protection Platforms for the 19th time in a row
Read more →
Ready for a winning VulnOps strategy?
See how TrendAI Vision One™ enables you to close the gap between vulnerability discovery and real-world risk reduction in your environment.
AI Summit Keynote
August 5 | 11:00 a.m. | Oceanside AD, Level 2
Leading the Future: Real-World Proactive Security Strategies with Agentic AI and Autonomous Red Teaming
Cybersecurity teams are stuck in a reactive loop. Learn how to break free by predicting and preventing attacks before they happen. Join this keynote for an insider’s look into digital twin tech, agentic AI, and a proactive security framework to enhance your team's effectiveness and foresight.
Rachel Jin
Chief Enterprise Platform Officer
Trend Micro
AI Summit Expo Session
August 6 | 10:15 a.m. | AI Summit Stage in the Business Hall
The Security for AI Blueprint: How to Hack-Proof Your AI Stack
Join this session to learn innovative cybersecurity strategies for protecting AI systems and large language models. Gain insights on countering adversarial attacks, data poisoning, and prompt injection vulnerabilities, and discover how to safeguard against deepfakes and zero-day exploits.
Fernando Cardoso
VP, Product Management
Trend Micro
Section 5 - Column 4. Praesent non velit ut libero
condimentum pulvinar sed vitae tellus.
Vestibulum
id tristique elit. Suspendisse posuere rutrum
sodales. Nam id elit ac sem iaculis lacinia
posuere vitae metus.