Second-Pass Audit: What Changed in the Ledger
The launch audit added AI-attributed disclosures from Security Copilot, Claude, OpenAI Codex Security, AISLE, OSS-Fuzz AI, and Calif.io.
A second source audit changed the launch ledger in an important way: the public story no longer rests mainly on Big Sleep, XBOW, and CopyFail.
Those are still anchor cases. They are no longer the whole map.
The additions fall into seven categories:
- Google OSS-Fuzz AI, because Google says AI-generated and enhanced fuzz targets produced 26 vulnerability reports, including CVE-2024-9143 in OpenSSL.
- Microsoft Security Copilot, because Microsoft says it accelerated discovery and variant analysis across a 20-CVE GRUB2, U-Boot, and Barebox bootloader campaign.
- Claude / Anthropic Research, because Mozilla, FreeBSD, F5/NGINX, and wolfSSL now have public credits that name Claude or Anthropic Research in accepted vulnerability workflows.
- Claude Mythos Preview, because Mozilla and Anthropic moved the public record from 22 Opus-era Firefox issues to 271 Mythos-identified Firefox 150 fixes, and because CVE-2026-4747 remains the strongest public Mythos exploitation case.
- AISLE, because its OpenSSL work is a sustained, multi-release CVE and patch stream rather than a one-off demonstration.
- OpenAI Codex Security, because the March 2026 research-preview post provides concrete CVE examples for what had previously been a system-level Aardvark claim.
- Xint Code’s public tracker, because Theori’s bug wall makes clear that CopyFail is the most visible Xint finding, not the only public Xint finding. The launch ledger now separates the CVE-backed tracker subset from embargoed or tracker-only rows.
The effect is not just a larger count. The ledger now spans several discovery modes: source-aware variant analysis, LLM-enhanced fuzzing, autonomous penetration testing, coordinated vendor research, open-source maintainer collaboration, and AI-assisted exploitability analysis.
Why the additions matter
Breadth is a stronger signal than volume. A single spectacular disclosure can be an outlier. Similar evidence across browsers, kernels, bootloaders, cryptographic libraries, open-source application stacks, and bug-bounty programs is harder to dismiss.
The additions also improve the attribution model. Some entries are direct upstream credits. Others are self-reported AI attribution backed by independent CVE or vendor records. Keeping those labels separate makes the ledger more credible, not less.
The Xint update is a useful example. CopyFail remains a direct, deeply sourced entry. The broader Xint tracker is real public evidence too, but its rows have different public-source strength. Bugflation now shows the 50-entry tracker context while indexing only the CVE-backed subset in the findings ledger.
What stayed out
The audit also found a lot of AI security news that should not enter this ledger as findings: vulnerabilities in AI products, prompt-injection attacks against assistants, private claims without CVE-level detail, and embargoed Project Glasswing claims that do not yet have public advisories.
Those stories can matter. They are just different stories. Bugflation tracks AI-attributed discovery of real vulnerabilities in accepted disclosure workflows, not every vulnerability near an AI product.
What this means
The launch ledger is now broad enough to support the central thesis without leaning on one vendor, one model, or one research style. The strongest public signals span browsers, kernels, bootloaders, cryptographic libraries, fuzzing infrastructure, open-source application stacks, and bug-bounty operations.
That breadth is the point. Bugflation is not a claim that one model suddenly solved vulnerability research. It is the observation that multiple AI-assisted systems are now reducing the marginal cost of finding credible bugs across very different software ecosystems.
The next audit should be stricter, not looser. As AI-attributed discovery becomes more common, the site should raise the bar for source quality, separate cluster counts from individual CVE counts, and continue holding secondary-only claims out of the findings list until a primary source appears.
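One way to encode the admission and counting rules described above, as an added Python example that is not Bugflation's own tooling: the evidence tiers from the attribution model, the findings-versus-context split applied to the Xint tracker, and the separate cluster and CVE tallies the next audit is meant to keep apart. The sample rows are constructed for illustration; they borrow figures the article cites (the 20-CVE bootloader campaign, CVE-2024-9143, CVE-2026-4747), but the tier assigned to each row and the `Evidence`, `Row`, `admitted` and `tally` names are assumptions, not the site's schema.

```python
"""Admission and counting rules for an AI-attributed findings ledger.

Added example, not Bugflation's own tooling. Tier names, field names and
the sample rows are assumptions chosen to illustrate the rules in the text.
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Evidence(Enum):
    """Public-source strength of a row, strongest first."""
    UPSTREAM_CREDIT = "direct upstream credit"   # maintainer or vendor advisory names the AI system
    SELF_REPORTED = "self-reported, CVE-backed"  # tool vendor's claim, corroborated by a CVE or advisory
    TRACKER_ONLY = "tracker-only or embargoed"   # researcher's own tracker, no public advisory yet
    SECONDARY_ONLY = "secondary-only"            # press or social coverage with no primary source


@dataclass(frozen=True)
class Row:
    system: str                    # AI system credited
    target: str                    # affected software
    evidence: Evidence
    cve_ids: tuple[str, ...] = ()  # public CVE ids cited for this row
    cluster_cves: int = 0          # vendor-stated CVE count for a campaign whose ids are not all listed


# Only rows backed by a primary source may be indexed as findings.
FINDINGS_TIERS = frozenset({Evidence.UPSTREAM_CREDIT, Evidence.SELF_REPORTED})


def cve_count(row: Row) -> int:
    """Individual CVEs a row contributes.

    A campaign row with a stated total uses that total; otherwise the listed
    ids are counted. Taking the max, not the sum, avoids double-counting a
    cluster that also names one or two example ids.
    """
    return max(row.cluster_cves, len(row.cve_ids))


def admitted(row: Row) -> bool:
    """A row enters the findings ledger only with a primary source and at least one CVE."""
    return row.evidence in FINDINGS_TIERS and cve_count(row) > 0


def tally(rows: tuple[Row, ...]) -> dict:
    """Report cluster count and CVE count separately, plus what was held out."""
    findings = [r for r in rows if admitted(r)]
    context = [r for r in rows if r.evidence is Evidence.TRACKER_ONLY]
    held_out = [r.system for r in rows if not admitted(r) and r not in context]
    return {
        "clusters": len(findings),                    # one per discovery campaign or credit
        "cves": sum(cve_count(r) for r in findings),  # individual CVEs across those clusters
        "context_rows": len(context),                 # shown for context, not indexed
        "held_out": held_out,                         # secondary-only until a primary source appears
    }


# Constructed sample rows. Figures echo the article; tier assignments are illustrative.
SAMPLE_ROWS = (
    # The 26 OSS-Fuzz reports are not all CVE-backed, so only the named CVE counts here.
    Row("OSS-Fuzz AI", "OpenSSL", Evidence.SELF_REPORTED, cve_ids=("CVE-2024-9143",)),
    # A 20-CVE campaign is one cluster row carrying a vendor-stated total.
    Row("Security Copilot", "GRUB2 / U-Boot / Barebox", Evidence.SELF_REPORTED, cluster_cves=20),
    Row("Claude Mythos Preview", "Firefox", Evidence.UPSTREAM_CREDIT, cve_ids=("CVE-2026-4747",)),
    # Tracker rows without a public advisory are shown as context, never indexed.
    Row("Xint Code", "embargoed tracker row", Evidence.TRACKER_ONLY),
    # A claim known only from secondary coverage stays out entirely.
    Row("unnamed assistant", "reported in press only", Evidence.SECONDARY_ONLY),
)


if __name__ == "__main__":
    print(tally(SAMPLE_ROWS))
```

Running the module prints the tally for the sample rows: three clusters, 22 individual CVEs, one context row and one held-out claim. The point of `cve_count` taking a maximum rather than a sum is exactly the cluster-versus-CVE separation the audit asks for: a campaign row that also cites an example id is still one cluster and still its stated number of CVEs, never more.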
Published May 4, 2026 by Bugflation Editorial. Follow new articles and findings through the RSS feed.