Microsoft on pace to break annual vulnerability record as AI-driven patch wave takes hold
Five months into 2026, Microsoft has already patched more than 500 vulnerabilities — although the exact monthly count varies depending on whether analysts include Edge, Chromium and fixes shipped earlier in the month.
Microsoft on Tuesday issued patches for more than 130 security vulnerabilities, putting it on pace to break its own annual record, with the company's security leadership acknowledging that AI tools are driving a surge in vulnerability discovery across the industry.
Five months into 2026, Microsoft has already patched more than 500 vulnerabilities — although the exact monthly count varies depending on whether analysts include Edge, Chromium and fixes shipped earlier in the month.
April's release addressed 173 vulnerabilities according to Microsoft's Security Update Guide, while May's release followed with more than 137. Tom Gallagher, vice president of engineering at Microsoft’s Security Response Center, said in a blog post the company expects releases to continue trending larger.
Source: https://therecord.media/microsoft-on-pace-to-break-annual-vulnerability-record-ai
Related breach coverage
- Microsoft Patch Tuesday for May 2026 fix 138 bugs, some of them are alarming2026-05-13
Microsoft’s May 2026 Patch Tuesday fixed 138 flaws, including 30 critical bugs, across Windows, Office, Azure, Edge, SQL Server, and more. Microsoft’s May 2026 Patch Tuesday patched 138 vulnerabilities in a single release. That is a number that gives pause even for people accustomed to these cycles. The affected products span virtually the entire Microsoft […]
- High-Severity Vulnerability Patched in VMware Fusion2026-05-14
The patch was announced as Broadcom is attending the Pwn2Own hacking competition in Berlin this week. The post High-Severity Vulnerability Patched in VMware Fusion appeared first on SecurityWeek.
- Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code2026-05-13
Microsoft’s MDASH discovered 16 of the Patch Tuesday vulnerabilities, and Palo Alto used Mythos to find dozens of flaws. The post Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code appeared first on SecurityWeek.
- Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises2026-05-13
CVE-2026-40361 is similar to a vulnerability found a decade ago, BadWinmail, which at the time was dubbed an “enterprise killer”. The post Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises appeared first on SecurityWeek.