Anthropic bets on EPSS for the coming bug surge
Summary
AI tools like Anthropic's Mythos can find software vulnerabilities much faster than before, creating a problem: security teams must decide which vulnerabilities to fix first among thousands of options. Anthropic recommends using EPSS (Exploit Prediction Scoring System, a machine learning model that predicts which vulnerabilities are likely to be exploited in the next 30 days) to prioritize which vulnerabilities need immediate attention, similar to how weather forecasters predict whether you'll need an umbrella.
Solution / Mitigation
According to Anthropic's guidance: 'Patching the KEV (CISA's Known Exploited Vulnerabilities catalog) list first, and then everything above a chosen EPSS threshold will help you turn thousands of open CVEs into a manageable queue.' EPSS scores are machine-driven, are published daily, and can be applied across all CVEs. They have been incorporated into more than 120 security vendors' products.
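The KEV-first, then EPSS-threshold ordering quoted above, as an added example that is not code from Anthropic or the original article. The `Finding` type, the `triage` function, the 0.10 threshold and all CVE IDs, assets and scores are constructed for illustration; it assumes scanner findings, the KEV ID set and EPSS scores have already been loaded.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:
    cve: str               # CVE identifier reported by the scanner
    asset: str             # host or service where it was found
    epss: Optional[float]  # EPSS probability (0.0-1.0); None if no score yet

def triage(findings, kev_ids, epss_threshold):
    """Split findings into (queue, deferred, unscored).

    queue:    KEV-listed findings first, then findings with EPSS >= threshold,
              each group ordered by EPSS descending.
    deferred: scored findings below the threshold and not in KEV.
    unscored: not in KEV and no EPSS score; kept visible rather than dropped.
    """
    if not 0.0 <= epss_threshold <= 1.0:
        raise ValueError("EPSS threshold must be a probability in [0, 1]")
    kev, above, deferred, unscored = [], [], [], []
    for f in findings:
        if f.cve in kev_ids:
            kev.append(f)        # known exploited: queued whatever the score
        elif f.epss is None:
            unscored.append(f)   # no prediction yet: needs a manual look
        elif f.epss >= epss_threshold:
            above.append(f)
        else:
            deferred.append(f)
    def by_score(f):
        return -(f.epss or 0.0)  # highest probability first; None sorts last
    return sorted(kev, key=by_score) + sorted(above, key=by_score), deferred, unscored

# Constructed sample data: placeholder CVE IDs, assets and scores, not real values.
KEV_IDS = {"CVE-0000-0001", "CVE-0000-0004"}
FINDINGS = [
    Finding("CVE-0000-0002", "web-01", 0.62),
    Finding("CVE-0000-0001", "db-01", 0.03),   # low EPSS but KEV-listed
    Finding("CVE-0000-0003", "web-01", 0.004),
    Finding("CVE-0000-0004", "vpn-01", 0.91),
    Finding("CVE-0000-0005", "app-02", None),  # no EPSS score available
    Finding("CVE-0000-0006", "app-02", 0.10),  # exactly at the threshold
]

if __name__ == "__main__":
    queue, deferred, unscored = triage(FINDINGS, KEV_IDS, epss_threshold=0.10)
    for rank, f in enumerate(queue, 1):
        print(f"{rank}. {f.cve} on {f.asset} kev={f.cve in KEV_IDS} epss={f.epss}")
    print("deferred:", [f.cve for f in deferred], "unscored:", [f.cve for f in unscored])
```

The KEV-listed finding with an EPSS of 0.03 still lands ahead of the 0.62 finding, and the unscored finding is returned in its own bucket instead of being silently treated as low risk.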
Original source: https://www.csoonline.com/article/4161626/anthropic-bets-on-epss-for-the-coming-bug-surge.html
First tracked: April 22, 2026 at 08:00 AM