AI vulnerability discovery is pushing 2026 CVEs toward 66,000

FIRST's forecast update of 2026 CVEs reaching 66,000 marks a significant increase in vulnerability disclosures, with the running count for the first few months exceeding original projections. This surge in vulnerability disclosures means that website owners must be more vigilant than ever in monitoring and updating their systems to prevent exploitation by malicious AI bots. The rapid pace of discoveries may lead to an increased risk of AI-powered attacks, making it crucial for website owners to stay on top of the latest security patches and updates. To mitigate these risks, website owners should take the following actionable steps: regularly review and update their llms.txt files to ensure they are blocking malicious AI bots, implement robust security measures such as Web Application Firewalls (WAFs) to detect and prevent AI-powered attacks, and closely monitor their website's traffic for suspicious activity that may indicate a vulnerability exploit.