Posts
Vulnerabilities Confirmed Discovered by AI
A living tracker of every CVE and equivalent ID confirmed discovered by an AI system — from Big Sleep's SQLite stack underflow to Project Glasswing's 50+ entries. Includes the models-vs-harness distinction, a leaderboard across AI orgs, live exploitation intelligence from the Vulnetix VDB, and a maintainer's honest accounting of the AI-bug-report slop problem.
AI security research, CVE, vulnerability discovery, Big Sleep, Project Glasswing, Mythos
Patch Tuesday Archive
Every Microsoft Patch Tuesday release, CVE-by-CVE, with downloadable CSAF + VEX documents and live exploit intelligence from the Vulnetix VDB. Navigate the full history or deep-link to any month.
Patch Tuesday, MSRC, Microsoft Security Response Center, CVE, CSAF, VEX
Bypassing the Need for Scanners
Traditional vulnerability scanners fire after the code is already written, committed, and pushed. The feedback loop is architecturally broken. Here's why AI coding agents make the old model obsolete.
AI coding agents, vulnerability scanners, shift-left, pre-commit security, SCA, SAST
Exploit Intelligence Signals
A seven-tier view of how the world's exploit data actually stacks up — from social mentions to KEV listings to EPSS predictions. Live counts from the Vulnetix VDB, honestly sourced.
exploit intelligence, CVE, KEV, EPSS, CESS, Coalition ESS
Vendor Disclosure Trends
Monthly and yearly vendor disclosure counts, broken down by CVE, GHSA, and everything else. Live data from the Vulnetix VDB, sourced from 160+ authorities. An honest look at who's actually writing the world's advisories.
CVE trends, GHSA, vulnerability disclosure, vendor advisories, CNA, vulnerability database
SBOM: Source of Truth for Software Supply Chain Security
Why every software team needs an SBOM. From incident response to regulatory compliance — and the 11 hidden problems with vendor SBOM generators that Vulnetix solves.
SBOM, software bill of materials, CycloneDX, SPDX, supply chain security, vulnerability management
Matching Cloud Vulnerabilities
How Vulnetix correlates cloud-provider advisories to your running workloads using the IETF CRIT specification — deterministic matching across AWS, GCP, and Azure.
cloud vulnerabilities, CVE matching, IETF CRIT, cloud security, AWS advisories, GCP advisories
Topics
agent harness, AI assistants, AI coding agents, AI security research, AISLE, autonomous vulnerability discovery, AWS advisories, Azure advisories, Big Sleep, bug bounty, CESS, Claude, cloud security, cloud vulnerabilities, CNA, Coalition ESS, CPE, CrowdSec, CSAF, CVE, CVE matching, CVE trends, CycloneDX, dependency confusion, developer workflow, EO 14028, EPSS, EU CRA, exploit intelligence, exploitability index, exploitation maturity, ExploitDB, GCP advisories, GHSA, IETF CRIT, incident response, KB articles, KEV, Metasploit, Microsoft Security Response Center, Microsoft vulnerabilities, MSRC, Mythos, Nuclei, o3, OSS-Fuzz, OSV, Patch Tuesday, Pix AI, pre-commit security, Project Glasswing, provenance, purl, SAST, SBOM, SCA, Security Copilot, shift-left, signed SBOM, SLSA, Snort rules, software bill of materials, SPDX, supply chain security, VDB, vendor advisories, VEX, VulnCheck, vulnerability advisories, vulnerability correlation, vulnerability database, vulnerability disclosure, vulnerability discovery, vulnerability management, vulnerability prioritisation, vulnerability scanners, Windows patches, zero-day