Oracle Quietly Admitted AI Broke Its Patch Calendar
Big Picture
We've covered the Mythos arc in this brief for five weeks now: Anthropic withholding the model that found thousands of zero-days in early April, Anton Chuvakin naming the "Patch Sound Barrier" the week the CSA assembled 60+ CISOs to respond, and Aikido catching Claude Code-generated malware inside SAP's npm packages at the end of the month.
The through-line every week has been that the patch-cadence math was going to break in operations, not in op-eds. This week is evidence what that break looks like when it hits production.
(FYI our CEO Surag Patel published the operational version of this argument two weeks ago, and the through-line maps directly onto this week).
TL;DR
cPanel Lost 40,000 Servers Before the Patch Landed
The cPanel authentication bypass (CVE-2026-41940, CVSS 9.8) entered mass exploitation this week, with over 40,000 servers compromised and "Sorry" ransomware encrypting Linux production filesystems. The flaw lets an unauthenticated attacker inject arbitrary values into session files and walk in as root. CISA added it to the KEV catalog on May 1. Active exploitation has been ongoing since at least March.
The CVE is the easy part. Mandiant's M-Trends 2026 puts mean time to exploit at negative seven days, with disclosure-to-exploitation compressed from 63 days down to 5 across the industry. cPanel runs a meaningful slice of the global hosting layer. The patch shipped weeks after attackers were already inside.
Takeaways
This isn't a cPanel-specific problem. The same shape — months of pre-disclosure exploitation, mass auto-rooting, ransomware layered on top — is going to repeat in the next mass-deployed administrative platform that draws a critical CVE, and Mandiant's MTTE number says the next one is already inside something. The honest planning question for next quarter is whether your remediation queue can clear a critical CVE in the hours-to-days window the data now demands, or whether you're still sized for the 30-day vendor SLAs you grew up with.
By the way: our CTO and co-founder Arshan has built a CVE war-room product. If it'd be useful we're deploying it in beta for free to teams that need it now.
Oracle Is Saying What Every Security Team Has Whispered for a Year
Oracle announced it will move from quarterly to monthly Critical Patch Updates starting May 28, and named a specific cause: "AI-enabled software vulnerability discovery." That's the first major enterprise vendor to publicly tie its patch calendar to AI discovery. The same week, AI tools surfaced a 20+ year-old PostgreSQL/MariaDB flaw, Mythos found a 27-year-old vulnerability in widely-used software, and a researcher exploited a 21-year-old PHP bug that audits had missed since the early 2000s.
Worth a reality check on what monthly actually changes. Oracle's April CPU shipped 481 patches; going monthly doesn't reduce that volume, it spreads it across twelve drops a year instead of four. The cadence change is a normalization move — Microsoft has run monthly Patch Tuesday since 2003, Adobe aligns its bulletins to it, Apple ships rolling — putting Oracle's calendar in line with where the rest of the industry has been for two decades.
What monthly doesn't change:
• The disclosure-to-patch lag inside any individual CVE
• The size of the median CPU
• The volume buyers absorb between drops
The same week Oracle announced this, Google retooled its Android bug bounty, paying less for bugs AI tools can already find and up to $1.5M for full-chain exploits with persistence. The bug economy is sorting itself faster than vendor calendars are catching up: discovery of an entire class of bugs just got commoditized; hard exploitation didn't.
Takeaways
The thing worth reading into Oracle's announcement isn't the monthly cadence (overdue). It's the explicit citation of "AI-enabled software vulnerability discovery" as the cause. That's a vendor PR team admitting in writing that AI is now finding things their internal SDLC misses, which is a credibility statement most enterprise vendors aren't ready to make on the record yet. Watch which other tier-one vendors copy the language versus just copying the calendar.
The White House Is Drafting Three-Day Patch Rules
Following Anthropic's Mythos disclosures (which we first covered in early April), three federal moves landed in the same week:
• Pre-release AI reviews — White House is weighing them for high-risk AI models capable of facilitating cyberattacks.
• Three-day patch rule — Federal officials are separately floating one, a sharp compression from the current two-week federal standard.
• "Copy Fail" KEV directive — CISA independently ordered agencies to patch the nine-year-old Linux flaw by May 12.
None of these proposals are finalized. All of them are unusual to see in public this fast.
Two separate proposals worth keeping straight, because most coverage is conflating them. The three-day patch rule would compress the current 14-day default for CISA KEV-listed vulnerabilities on federal systems; it would not become a universal enterprise standard. The pre-release AI review proposal is aimed at "high-risk" models capable of facilitating cyberattacks, and the entire policy fight will be about where that threshold gets drawn. OpenAI, Google, and Meta will file public-comment positions arguing their flagship models don't qualify; Anthropic withholding Mythos is the only existing data point on the other side, and one data point isn't a regulatory definition.
Both proposals also duck the same thing: neither addresses disclosure quality or vendor advisory completeness. VulnCheck verified only 1 of 75 Anthropic-credited CVEs last month. A faster patch SLA layered on top of a noisy disclosure pipeline produces faster panic, not faster security.
Takeaways
Realistic timeline matters here. White House discussion to OMB memo to draft NPRM to final rule typically runs 12-18 months at the fast end, and the CISA three-day proposal is still at the floated-by-officials stage with no NPRM filed. The signals worth tracking quarterly until then:
• Which trade groups (BSA, ITI, ITAA) file public-comment positions and what they ask for
• Whether OMB issues an interim memo on patch timing for the Federal CIO Council
• Whether any tier-one vendor commits to a 72-hour internal SLA in advance of regulation
The order in which those happen tells you where the rule actually lands.
What 30 Security Reports Actually Say About AppSec in 2026
We synthesized 30 industry reports this week. That includes Verizon DBIR, Mandiant M-Trends, the CrowdStrike Global Threat Report, Veracode SoSS, Datadog's State of DevSecOps, the GitLab DevSecOps Survey and dozens more.
A few numbers from the synthesis that map directly to the trends we saw this week:
• 82% of organizations carry security debt older than one year.
• 78% run known critical vulnerabilities in production.
• 87% of AI-generated agent code contains at least one vulnerability; the best-performing model produces secure code only 7.8% of the time.
• 30% of breaches now involve third-party components, doubled year-over-year.
• 5 days is the median time from disclosure to active exploitation, down from 63 last year.
• 865,398 alerts is what the average organization processes annually.
• 89% of security teams describe themselves as understaffed.
• 70% of CISOs say they're open to leaving the role this year.
The framing the synthesis lands on is structural. Industrial-scale detection paired with artisanal-scale remediation. That creation-remediation gap is what cPanel exploited this week, what Oracle is restructuring around, and what the White House is trying to legislate around. The 30 reports don't disagree on the diagnosis. They disagree on whether the next 18 months produce a fix or a permanent acceptance of the backlog.
Takeaways
What to watch over the next two quarters to know which way the window resolves:
• Whether any tier-one vendor commits to a 72-hour internal SLA before regulation forces it
• Whether the next DBIR shows MTTE compression slowing or accelerating
• Whether the Veracode 7.8% secure-code-generation number moves materially with the next round of model releases
If those three numbers don't shift, the "accept the backlog" path is the one being chosen by default.
Vulnerabilities in the Wild
Actively Exploited (CISA KEV)
• CVE-2026-41940 — cPanel & WHM (CVSS 9.8) — Authentication bypass via session-file injection; unauthenticated remote attacker gains root. 40,000+ servers compromised in "Sorry" ransomware campaign. Exploited since March; KEV May 1.
• CVE-2026-32202 — Linux kernel ("Copy Fail") — Nine-year-old kernel flaw enabling local privilege escalation to root. Active exploitation confirmed; CISA federal patch deadline May 12.
Critical Patches Worth Tracking
• vm2 sandbox bug (CVE pending) — Sandbox escape allowing arbitrary code execution on host. Hits every project using vm2 to run untrusted JS.
• Weaver E-cology critical bug — Pre-auth RCE in PRC enterprise platform; under active exploitation since March alongside MetInfo.
• CVE-2026-42248, CVE-2026-42249 — Ollama (Windows) — Auto-updater turned into persistent RCE vector; ~300,000 Ollama deployments at risk of information theft.
• Apache MINA / HTTP Server (multiple) — Critical and high-severity patches across two widely-deployed Apache projects.
• Critical Android RCE (May Bulletin) — Critical RCE patched in Android via May security bulletin.
• WhatsApp file spoofing + arbitrary URL scheme — Two disclosed vulnerabilities affecting how WhatsApp surfaces files and handles URL schemes.
High-Severity, Public Exploit Available
• CVE-2026-23231 — Linux nf_tables 6.19.3 LPE — Use-after-free in nf_tables; affects 3.16–6.19.3. Public exploit on Exploit-DB.
• Linux proc_readdir_de() 6.18-rc5 LPE — Local privilege escalation; public exploit available.
• ISC DHCP Server unauth root RCE — Feature-chaining attack via OMAPI achieves unauthenticated root. Researcher used AI-assisted code analysis to find it.
• PHP unserialize() UAF (since 2005) — 21-year-old use-after-free in unserialize(); ~2,000 HTTP requests trigger memory corruption + RCE on PHP 8.5.5.
• PostgreSQL / MariaDB (20+ years) — Xint Code (AI-powered analysis) surfaced high-severity zero-day tracing back 20+ years across both database systems.
• MindsDB 25.9.1.1 path traversal — Path traversal with public PoC.
• Traccar GPS 6.11.1 CSWSH — Cross-site WebSocket hijacking; public PoC.
• Windows shell spoofing — Shell spoofing exposes sensitive data via how Windows surfaces file context.
Curated Reading List
Thought-Provoking
• AI agents can bypass guardrails and put credentials at risk, Okta study finds (CSO Online) Why it's worth your time: First public testing study to document concrete agent guardrail failure modes — agents revealing data unprompted, overriding their own guardrails, sending credentials via Telegram. Useful baseline for anyone deploying agentic workflows in production.
• One in four MCP servers opens AI agent security to code execution risk (Help Net Security, citing Noma Security) Why it's worth your time: Ecosystem-level finding from Noma's MCP audit — 25% RCE-vulnerable. If your team uses Model Context Protocol servers in production or for internal tooling, you have a non-zero chance of running one of these today.
• Andrej Karpathy Has Renamed Vibe Coding. Here's What Engineering Leaders Need to Do About It. (SD Times) Why it's worth your time: Karpathy renamed it "agentic engineering," distinguishing casually accepting AI output from deliberately designing systems with comprehension at every layer. Worth reading for how to position the conversation with your CTO or board.
Current Events
• 1,800 Developers Hit in Mini Shai-Hulud Supply Chain Attack Across PyPI, NPM, and PHP (Security Boulevard) Why it's worth your time: Largest coordinated cross-ecosystem supply chain campaign of the week. Hits the same trust-abuse pattern as DAEMON Tools and OceanLotus — your typosquatting defenses don't help here.
• CISOs step up to the security workforce challenge (CSO Online, citing ISC2 2025 Workforce Study) Why it's worth your time: The 95% skills-gap number behind every other story this week. ISC2 quantifies the AppSec workforce shortage that makes the cPanel/Oracle/Mythos remediation crisis structural rather than transient.
AppSec Weekly is curated by the Pixee team from open-source security feeds and analyst reports. We cover what AppSec leaders, CISOs, and engineering executives need to track without reading 100 RSS feeds.
