What it is
Palo Alto Networks describes a May 2026 internal scanning effort using frontier AI models, including Anthropic’s Mythos and Claude Opus 4.7 and OpenAI’s GPT-5.5-Cyber through the Trusted Access for Cyber program.
The company says the May Patch Wednesday wave was the first cycle where the majority of findings came from frontier AI models scanning Palo Alto’s code across more than 130 products.
What is verified
The ledger indexes one conservative entry:
- Palo Alto’s May 2026 Patch Wednesday wave, described by Palo Alto as 26 CVEs
representing 75 issues. The public CVE set is reconstructed from 23
individual Palo Alto CVE advisory pages published on May 13 plus three Prisma
Browser CVEs listed inside
PAN-SA-2026-0007.
The public advisory pages and CSV verify the vulnerabilities, affected products, dates, and fixes. Palo Alto’s blog supplies the frontier-AI scan attribution at the wave level.
Attribution boundary
This profile has a lower evidence index than entries such as Microsoft MDASH because Palo Alto does not publish a per-CVE attribution map. The source says the majority of findings came from frontier AI models, but individual advisory pages generally credit internal security research teams, external researchers, or both without naming a model.
Bugflation therefore treats this as a vendor-scale AI-assisted disclosure wave, not as evidence that any one model found all 26 CVEs.
Why it matters
Palo Alto’s entry matters because it shows bugflation inside a major security vendor’s own remediation process. The signal is not only model capability. It is the organizational effect: a monthly advisory cadence that normally publishes fewer than five CVEs suddenly had to process a much larger batch after frontier-model scanning.