Industry Trends & Events

The Flood Has a Name Now: 570 CVEs, Microsoft’s AI Pipeline, and the Wave That Still Hasn’t Hit.

by Brad Hibbert, COO & CSO//44 min read/

July 2026 Patch Tuesday arrived today as the largest monthly security release Microsoft has ever shipped, and for the first time the company told us in advance that it was coming. Depending on whose methodology you follow, the core count lands at 570 CVEs, and independent tallies reach 621 to 622 before roughly 468 additional Edge and Chromium fixes are counted. Two zero-days are under active exploitation, one in Active Directory Federation Services and one in SharePoint Server. Five days before the release, Microsoft confirmed that an AI vulnerability discovery pipeline called MDASH now feeds its patch stream and warned customers to expect higher volumes in every release from here on. Adobe, for its part, moved to a twice-monthly release cadence and shipped 88 CVEs in the first installment. We updated our monthly analysis with verified July data alongside the full April, May, and June record.

This is the fourth edition of the Brinqa Research Team monthly vulnerability landscape analysis. For new readers, the background: on April 7, Anthropic announced Project Glasswing and Claude Mythos Preview, a model capable of autonomously finding and chaining zero-day vulnerabilities at a scale and speed that previously required elite human researchers. Access was restricted to a coalition of vetted defenders, roughly 50 organizations at launch, expanded to more than 200 in June and then to critical infrastructure operators across 15 countries in early July. The April edition covered the initial patch surge. The May edition documented the new elevated floor and the first appearance of AI tooling as a patch category. The June edition recorded what was then the largest release in history and warned that July was shaping up as a compound event, with the Glasswing 90-day report due in early July and Patch Tuesday landing a week later.

Half of that prediction arrived on schedule. The release that landed today is nearly triple June’s record, which itself stood for exactly one month. What we did not predict was the source. The coordinated Glasswing disclosure wave has still not started, and Anthropic’s promised 90-day public report remained unpublished as of this writing. The flood arrived anyway, driven not by a frontier lab’s restricted model but by Microsoft’s own internal AI discovery system, announced on a corporate blog five days before the release. Our April edition carried the title “The Patch Flood Is Already Here. And the Real Wave Hasn’t Hit.” Three months later, both halves of that sentence are still true, which tells you something about how much runway remains in this trend. AI-scale vulnerability discovery no longer requires special access to a restricted model. It is becoming standard vendor engineering practice, and it will be arriving in your patch queue every month from now on.

Here is the verified monthly data and what it means for your exposure management program.

The Numbers: July Triples the Record, and Every Methodology Agrees

Each month we pull vendor advisory data and cross-reference it against independent analysis from Tenable, Qualys, Rapid7, CrowdStrike, BleepingComputer, and the Zero Day Initiative. The counting methodologies have always diverged at the margins, but July is the month they diverge by more than fifty CVEs, and Microsoft itself made the counting harder. The Security Update Guide no longer enumerates every CVE in its release notes, replacing the full list with summary counts by product family and a short “Notable CVEs” section, a change Rapid7 observed leaves the enumeration work to everyone else. As always, we note each count explicitly.

“Every methodology lands at nearly three times the previous all-time high, and that previous high was set last month.”

Microsoft: The June Record Lasted One Month

The core counts for July: BleepingComputer confirms 570 CVEs released on the day, with 59 rated Critical and 48 of those remote code execution, explicitly excluding the 468 Edge and Chromium fixes and the cloud-service CVEs Microsoft addressed earlier in the month. Tenable counts 569, with 56 Critical and 510 Important. Qualys lands on 570 with 57 Critical. Microsoft’s own Security Update Guide totals 622 unique CVEs, and ZDI’s Dustin Childs, whose independent ledger goes back two decades, counts 621 while declining to itemize roughly 480 additional Chromium and Edge bugs. By product family, Windows alone accounts for a record 416 of the total, with 82 in Office and 46 in Edge. Elevation of privilege makes up 43.8% of the release by Tenable’s breakdown, with remote code execution at 25.1%.

Whichever methodology you prefer, every one of them lands at nearly three times the previous all-time high, and that previous high was set last month. Childs opened his review by declaring that “the bug apocalypse has fully descended upon us,” and called this the mother of all releases. His twenty-year retrospective makes the structural point better than any single month can: Microsoft’s CVE count for 2026 year to date now exceeds every previous full-year total in his ledger, and we are in July.

The trendline through seven months of 2026 now reads:

MonthCore CVEsMoM ChangeBrowser CVEsNotable

January 2026

114

baseline

~15

Already elevated; 3 zero-days

February 2026

58

-49%

~15

6 actively exploited zero-days

March 2026

79

+36%

~21

AI-discovered CVSS 9.8 RCE

April 2026

167

+111%

80

Tied the then all-time record; 2x Q1 avg

May 2026

120

-28%

First zero-day-free release since Jun 2024

June 2026

200

+67%

360

Broke the record outright; 3 CVSS 9.8 wormable-class RCEs

July 2026

570

+185%

468

Nearly triple the June record; Microsoft pre-announced its MDASH AI pipeline

Core counts follow BleepingComputer’s day-of-release methodology for month-over-month consistency. Tenable, ZDI, and Microsoft’s own counts for July (569, 621, and 622 respectively) reflect differing inclusion rules for cloud-service CVEs and fixes released earlier in the month.

The Q1 monthly baseline was 84 core CVEs. July lands at roughly 6.8 times that baseline. The total patching workload, core plus browser, tells the operational story more honestly than the headline number does: 247 in April, 248 in May, roughly 560 in June, and roughly 1,040 in July. The workload has doubled twice in two months, and the Q1 baseline we have referenced since April is starting to look less like a floor that volume will return to and more like the starting point of a curve.

Two Exploited Flaws, One Public Bypass, and the Researcher Feud Rolls On

Two vulnerabilities in this cycle were under active exploitation before patches shipped. Both are elevation of privilege flaws, both sit on identity and collaboration infrastructure, and both carry severity labels that understate what they mean in practice.

  • CVE-2026-56155: Active Directory Federation Services elevation of privilege, CVSS 7.8. An access-control granularity flaw that lets a low-privileged local attacker gain administrative control of an AD FS server. Microsoft credited its own DART incident responders, which tells you how it was found. AD FS signs the tokens that the rest of your estate trusts, so a “local” flaw on that host is a domain problem, and ZDI notes this class of bug is routinely paired with an RCE in ransomware operations. CISA has added it to the Known Exploited Vulnerabilities catalog, and Microsoft announced it has begun hardening the ACL on the AD FS Distributed Key Manager container.
  • CVE-2026-56164: SharePoint Server elevation of privilege, CVSS 5.3, and rated only Moderate. The score is the least informative thing about it. This is a missing-authentication flaw that an unauthenticated attacker can reach over the network with no user interaction, and it is being exploited now. The credits, to Mandiant Incident Response and Google Cloud researchers, again point to discovery inside active attacks. It affects SharePoint Server 2016, 2019, and Subscription Edition, and enabling AMSI with Request Body Scan set to Full mitigates while patches roll out. CISA added it to the KEV catalog and issued separate hardening guidance for on-premises SharePoint. A 5.3 under active exploitation sitting next to sixty unexploited Criticals is as clean a demonstration as this year will produce of why severity scores fail as a triage signal.
  • CVE-2026-50661: Windows BitLocker security feature bypass, CVSS 6.1, publicly disclosed but not confirmed exploited. An attacker with physical access to a device can bypass the encryption and read its data. CrowdStrike’s analysis suggests this may be the fix for the GreatXML bypass released by the Nightmare Eclipse persona, the same researcher whose dispute with MSRC we have been tracking since the spring.

That dispute is not over. The RoguePlanet Defender zero-day, CVE-2026-50656, which dominated the between-release news cycle, was fixed out of band on July 8 through a Malware Protection Engine update that deploys automatically. Within hours of today’s release, the same researcher published a stripped-down proof of concept for yet another unpatched Windows elevation of privilege flaw, this one dubbed LegacyHive. In June we recommended treating boot-path and encryption integrity as a campaign rather than a category, and nothing in the past five weeks has given us a reason to retire that advice. The well has not run dry.

A CVSS 9.9 Guest-to-Host Escape and a Crowd of 9.8s

Beyond the zero-days, the risk profile of this release concentrates in a handful of unusually reachable flaws.

  • CVE-2026-57092, Windows VMSwitch elevation of privilege (CVSS 9.9). The highest customer-actionable score of the month. It is a use-after-free that lets a low-privileged attacker inside a guest VM escalate to full compromise of the Hyper-V host, and two further Critical Hyper-V escalations (CVE-2026-50680 and CVE-2026-54127) ship alongside it. A guest-to-host escape puts the virtualization host ahead of every workload it carries, so give these their own change window.
  • CVE-2026-50522 and CVE-2026-58644, SharePoint RCE (CVSS 9.8 each). Unauthenticated deserialization flaws requiring no user interaction. CVE-2026-50522 was demonstrated at Pwn2Own Berlin, yet Microsoft lists its exploit maturity as unknown, which ZDI notes with some exasperation given that a working exploit was handed to the vendor. It is one more reason to run your own risk assessment rather than inherit the vendor’s. Stacked on top of the exploited zero-day above, on-premises SharePoint is this month’s single most urgent patch unit.
  • CVE-2026-55040, SharePoint security feature bypass. Disclosed by Rapid7’s Stephen Fewer from the team’s Pwn2Own research, this is a JWT authentication bypass that forms the first half of an unauthenticated RCE chain. The second half does not get patched until August, which makes this July fix the link that breaks the chain. It also carries a four-point severity dispute, with Rapid7 reading Microsoft’s rating at 5.3 while ZDI reads the release as Critical at 9.1. That spread is a useful measure of what a severity number is worth this month.
  • The unauthenticated network 9.8s. CVE-2026-56188 is a race condition in a Windows Server network driver that ZDI flags as wormable despite its finicky exploitation profile. CVE-2026-50518 and CVE-2026-56159 affect DHCP Server, part of a set of five DHCP remote code execution fixes this month. CVE-2026-56190 affects Remote Desktop Protocol, CVE-2026-54990 the Remote Desktop Client, and CVE-2026-49172 the Windows FTP service. All of them are unauthenticated, network-reachable, and sitting on near-universal Windows attack surface.
  • CVE-2026-55008, Exchange Server “spoofing” (CVSS 9.6). The title undersells it. ZDI reads this as stored cross-site scripting in Outlook Web Access with changed scope: a crafted email executes JavaScript in the victim’s browser session the moment the message is viewed, with no attachment and no macro prompt. The advice we gave in June about OWA-adjacent flaws deserving better than their labels applies here without modification.
  • The “why not” file. A CVSS 9.8 unauthenticated RCE in Minecraft Bedrock Dedicated Server (CVE-2026-55010) and a remote code execution flaw in Age of Empires II: Definitive Edition (CVE-2026-50663). The point here is not the novelty. When an AI harness sweeps an entire product portfolio, the games get patched on the same Tuesday as the domain controllers, and the practical scope of vulnerability management quietly expands to match.

There is also a calming note in the data, and it is the same one we sounded last month. CVE-2026-45499 in Azure OpenAI and CVE-2026-57100 in Microsoft Entra Provisioning Service both carry CVSS 9.9, and both were remediated by Microsoft on the service side and documented for transparency. Two of the three highest scores in the release require zero customer action, while a 5.3 requires immediate attention. Recognizing that kind of distinction is exactly what separates exposure management from CVE counting.

One structural item deserves its own flag. This update completes Microsoft’s multi-year Kerberos RC4 hardening by removing the RC4DefaultDisablementPhase rollback switch, meaning domain controllers will no longer fall back to RC4-based Kerberos tickets after the update is applied. Service accounts, legacy applications, and non-Windows integrations that still rely on RC4 can fail authentication the moment the patch lands. The order of operations matters here: audit RC4 usage first, using the Kerberos audit events Microsoft added in January, rotate passwords on affected service accounts to generate AES keys, and then patch.

Microsoft Says the Quiet Part Out Loud: The Volume Is Intentional

In each of our first three editions we wrote some version of the same sentence: the industry can confirm the volume is structurally elevated and almost certainly AI-driven, but no vendor is saying so on the record or giving defenders a framework for operating at this velocity. The first half of that sentence became obsolete on July 9, five days before this release, when Windows chief Pavan Davuluri published a post confirming that Microsoft runs an AI-powered vulnerability discovery system called MDASH, a multi-model agentic scanning harness, against critical Windows binaries. The pipeline scans with multiple models, including third-party vulnerability research models, validates candidates through a cross-model debate stage, and runs a Windows-specific proving step to eliminate false positives before findings reach an engineer. Microsoft first detailed MDASH publicly in May, when the system independently identified 16 vulnerabilities ahead of that month’s Patch Tuesday. Davuluri’s July post told customers plainly that they “will see a higher volume of security updates” in each release going forward.

It is worth pausing on what that announcement closes the book on. The vendor that ships the world’s most widely deployed operating system has industrialized AI vulnerability discovery, built dedicated cloud infrastructure to run it, and pre-announced permanently higher patch volumes as the intended outcome. At the same time, Microsoft has tightened its deployment guidance, recommending that organizations defer quality updates by fewer than three days, with update deadlines of zero to one day. The vendor is telling you two things at once: there will be far more patches, and you will have far less time to apply them. Neither of those is compatible with a triage process that depends on humans reading advisories one at a time.

What Microsoft has not answered is the question Dustin Childs first raised in June and repeated this month: how many of these AI-found flaws receive AI-generated or AI-tested patches, and what regression risk that introduces at this velocity. The Security Update Guide restructuring, which shipped this month with at least one duplicate-listing error in its new Notable CVEs section, does not build confidence that the reporting layer is keeping pace with the discovery layer.

The AI Attack Surface Keeps Compounding

In May we flagged the first appearance of AI tooling as a patch category. In June we showed agentic infrastructure, meaning MCP servers, Copilot clients, and IDE extensions, entering the patch stream with identity-takeover-class flaws. July continues the pattern and adds a genuinely novel attack vector. CVE-2026-48561 is a Critical CVSS 9.6 remote code execution flaw in Microsoft Copilot that, per Microsoft’s advisory, can be triggered by a malicious website causing Edge for Android to automatically send crafted prompts to Copilot when a user simply visits the page. Drive-by prompt injection escalating to code execution has moved from conference-talk hypothetical to Patch Tuesday line item in the space of about a year.

The rest of this month’s AI cluster includes a GitHub Copilot remote code execution flaw (CVE-2026-50510), a GitHub Copilot and VS Code security feature bypass (CVE-2026-41109) alongside a token disclosure flaw (CVE-2026-47282), a VS Code remote code execution flaw (CVE-2026-50520) with three further VS Code security feature bypasses, an M365 Copilot elevation of privilege fixed on the service side, and an M365 Copilot for iOS elevation of privilege (CVE-2026-58617). Our guidance from June has not changed, though it has become more urgent. If your vulnerability management program does not yet inventory Copilot desktop clients, IDE AI extensions, AI SDKs, and MCP infrastructure, these patches are invisible to it, and the unmanaged attack surface is accumulating on the fastest-growing part of your estate.

What the Security Industry Is Saying

We track analyst and vendor commentary each month alongside the advisory data.

Zero Day Initiative, Dustin Childs (July 14, 2026): Childs called July the mother of all releases and confirmed that his year-to-date count already exceeds every full-year Microsoft total in the two decades he has tracked. He praised Adobe’s move to a split monthly cadence as a sensible way to make monster releases digestible, noted that Apple is reportedly considering the same approach, and repeated the still-unanswered question about the quality risk of AI-assisted patch production at this speed.

Tenable, Satnam Narang, Senior Staff Research Engineer (July 14, 2026): Narang told CyberScoop that Microsoft is on pace to shatter its full-year CVE record of 1,245 set in 2020, projecting the company could exceed two thousand and potentially three thousand CVEs in 2026. His caution matters more than his projection: the surge reflects how effective these tools have become at finding bugs, “not how many of those bugs actually pose a risk to organizations.” In separate comments to KrebsOnSecurity, he argued that Microsoft’s Exploitability Index has not kept pace with machine-speed exploitation, since the index models human attackers while Anthropic’s own red team showed Mythos Preview producing working proofs of concept for 13 of 14 flaws that Microsoft had rated unlikely to be exploited. His supporting example comes from this very cycle: CVE-2026-45659, the SharePoint flaw Microsoft tagged Exploitation Less Likely in June, was added to the CISA KEV catalog on July 1.

Rapid7, Adam Barnett (July 14, 2026): Rapid7’s analysis highlighted the SharePoint chain, its own researcher’s JWT bypass plus the RCE half embargoed until August, and flagged the restructuring of Microsoft’s Security Update Guide, which no longer enumerates the month’s CVEs, as emblematic of an industry struggling to report on its own disclosure volume.

Ivanti (July 2026): Chris Goettl observed that Microsoft’s record arrives as nearly every major vendor accelerates its cadence, with Adobe moving to twice-monthly bulletins while citing AI, and Cisco, Mozilla, and Oracle all shipping updates more frequently. In his pre-release forecast, colleague Todd Schell was more blunt, declaring that “the Patch Apocalypse is here” and raising the question now hanging over every program: whether tracking individual CVEs remains practical at all, or whether teams should simply patch to the latest release as fast as change control allows.

Keeper Security, Shane Barney, CISO (July 2026): Barney noted that patch programs designed around a manageable monthly queue cannot absorb hundreds of fixes without risk-based prioritization, and that a moderate flaw on an exposed authentication or collaboration server may warrant faster action than a critical bug on an isolated system. That is precisely the shape of this month’s two exploited zero-days.

The common thread has evolved across our four editions. In April the industry was asking whether AI was driving the volume. In July the vendor confirmed it in advance, and the conversation has shifted to whether CVE-level tracking is even viable anymore. Our answer is the one we have given each month, and it has not changed: raw tracking was never the point. Context, meaning what is reachable, what is being exploited, what sits on your critical assets, and what your compensating controls already neutralize, is the only thing that turns a thousand-CVE month into a work queue.

The Exploitation Picture Between the Releases

The five weeks between June 9 and today were among the busiest inter-release periods we have tracked. Microsoft shipped the RoguePlanet Defender fix out of band on July 8 after the researcher published proof-of-concept code, and CISA separately confirmed that earlier flaws from the same feud, including BlueHammer, are being exploited by ransomware operators. CISA also issued hardening guidance for on-premises SharePoint amid active exploitation of two recently patched flaws, CVE-2026-32201 and CVE-2026-45659. Readers of the June edition will recognize the second of those: it is the out-of-band SharePoint RCE from May 21 that we flagged last month, which Microsoft had rated Exploitation Less Likely and which entered the KEV catalog on July 1. The gap between the vendor’s exploitability assessment and observed reality is becoming a monthly feature of this series.

Beyond Microsoft, SonicWall warned that two SMA1000 vulnerabilities, CVE-2026-15409 and CVE-2026-15410, were exploited as zero-days. SAP’s July update fixed 16 flaws including three critical issues, led by CVE-2026-44747, a memory corruption flaw in NetWeaver Application Server rated CVSS 9.9, along with CVE-2026-27690 in SAP Approuter. CISA added a Cisco IOS flaw to the KEV catalog. The cross-vendor pattern from our first three editions holds without exception: exploitation concentrates on edge devices, identity surfaces, and remote-access infrastructure, regardless of where the CVE volume concentrates.

The structural numbers we have cited since May remain the operating reality. Qualys found that 88% of critical actively weaponized vulnerabilities were remediated slower than attackers exploited them, CrowdStrike’s fastest recorded breakout time stands at 27 seconds, and Google M-Trends puts average time-to-exploit for the most serious flaws at minus seven days. Every month of record volume widens the denominator those percentages apply to, and July widened it by more than any month in history.

The NVD Enrichment Gap: Three Months In, and the Math Keeps Getting Worse

Since NIST’s April 15 announcement that the NVD can no longer enrich all CVEs, prioritizing only KEV-listed, federal, and EO 14028 critical software, the daily disclosure rate has continued running at approximately 175 CVEs per day. July makes the arithmetic starker than any previous month. Roughly 570 Microsoft core CVEs, 468 browser CVEs, and 88 Adobe CVEs entered the ecosystem today, with a second Adobe installment due in two weeks and Oracle’s quarterly Critical Patch Update landing July 21. A meaningful share of all of it will reach scanner feeds without enriched severity metadata. Teams that still depend on NVD CVSS as their primary triage signal are now operating partially blind on the largest releases ever shipped, in a month where the single most important vulnerability in the release carries a 5.3. FIRST’s forecast of 50,000 or more CVEs in 2026 looked aggressive in January and conservative in May. Against ZDI’s observation that this year has already out-produced every prior full year, and Narang’s projection that Microsoft alone could approach three thousand CVEs, it now looks quaint.

"A 5.3 under active exploitation sitting next to sixty unexploited Criticals is as clean a demonstration as this year will produce of why severity scores fail as a triage signal."

The Glasswing Watch: The Report Is Overdue, and August Is the New July

In June we framed July as a compound event, with Anthropic’s 90-day Glasswing summary report due around July 6 and Patch Tuesday following on July 14, and we recommended spending the intervening four weeks pressure-testing intake, triage, and routing. The second half of the compound event arrived, spectacularly. The first half did not. As of publication, the promised public report has not appeared. What Anthropic did do in early July was expand the program again, adding roughly 150 critical infrastructure organizations across 15 countries, spanning power, water, healthcare, and communications. The program now exceeds 200 partners, and those partners moved from Mythos Preview onto the more capable Mythos 5 in June.

The disclosure mathematics have not improved while the report has been pending. Anthropic’s own May update reported more than ten thousand high- or critical-severity findings across its partners, plus an open-source scanning effort that surfaced 6,202 estimated high- or critical-severity flaws, of which only 75 disclosed bugs had been patched at that time. Anthropic itself acknowledged that maintainers are overloaded, with some asking the company to slow its disclosure rate because they cannot design patches fast enough. Every one of those findings sits on a coordinated disclosure clock, and the expanded program’s 90-day window closes in early August, days before Black Hat. Add Adobe’s new fourth-Tuesday release on July 28, Oracle’s CPU on July 21, and an August Patch Tuesday that will carry the second half of a SharePoint RCE chain the entire research community now knows exists, and the compound event we warned about has not been cancelled so much as rescheduled, and it has grown in the interim.

One more thing changed this month, and it is the most important strategic fact in this edition. July demonstrated that the wave does not need Glasswing. Microsoft’s MDASH produced a Glasswing-scale disclosure surge from a single vendor’s internal tooling. When the actual Glasswing embargoes begin expiring on top of vendor pipelines that now, the two waves stack. August and September planning should proceed on that assumption.

Beyond Microsoft: Adobe Splits Its Release in Two

Adobe formalized what the volume has been forcing for months. Beginning in July, it ships security bulletins twice monthly, on the second and fourth Tuesdays, and it cited AI-accelerated discovery as the reason. The first July installment contained 12 bulletins addressing 88 unique CVEs (Qualys counts 89) across ColdFusion, Commerce, After Effects, Animate, Audition, Bridge, Creative Cloud Desktop, Experience Manager, Illustrator, Media Encoder, Premiere Pro, and the Content Credentials SDK. Nothing is under active exploitation. ColdFusion leads at Priority 1 with a CVSS 9.9, consistent with its long history as an actively targeted platform, and Commerce follows with a 9.6. The rest can ride your regular cadence. The operational note is the cadence itself: Adobe patching is now a twice-monthly motion, and the fourth-Tuesday installment lands July 28, one week after Oracle’s CPU.

The Instinct to Add More Scanners Is Still Wrong, Especially at This Volume

Your scanners answer one question: what vulnerabilities exist in my environment? In a month where core-plus-browser volume passed one thousand, that question produces a mountain range. The question your team actually needs answered is unchanged. Which of these represent real, exploitable risk to my business right now, with my compensating controls, against my most critical assets?

Consider what July actually demands of a remediation program. Two CVSS 9.9s, in Azure OpenAI and Entra Provisioning, that require zero customer action. A CVSS 5.3 SharePoint flaw that is the most urgent item in the release because it is being exploited today. A security feature bypass that one vendor scores at 5.3 and another at 9.1, whose real significance is that it breaks an RCE chain whose other half will not be patched until August. A wormable 9.8 race condition that may prove genuinely difficult to exploit. An identity-infrastructure 7.8 that translates into domain compromise, and a Kerberos change that can break authentication for anyone who patches before auditing. Severity scores alone get every one of those calls wrong. It takes environmental context to get them right, and this month even the vendor’s own advisory page stopped pretending that a flat list of CVEs is a workable interface for the problem.

Where Brinqa Fits in This Environment

Brinqa's CyberRisk Graph™ normalizes findings from across your scanner ecosystem, including Tenable, Qualys, Rapid7, CrowdStrike, Microsoft Defender, and 240+ other sources, and correlates them against asset context, business criticality, compensating controls, and real-world exploit intelligence – the foundation of a continuous threat exposure management (CTEM) program. That correlation is what turns a thousand-CVE month into a prioritized, defensible work queue.

AI-powered deduplication at ingestion. When July delivers roughly 1,040 Microsoft CVEs across the core and browser streams and your scanners each report overlapping subsets, Brinqa's AI Deduplication Agent consolidates findings into unified exposure records with confidence scoring, so three tools flagging CVE-2026-56164 produce a single prioritized exposure instead of three tickets — the same complete-data foundation behind bring your own AI on complete exposure data.

Context-aware prioritization. The exploited 5.3 on an internet-facing SharePoint farm is a drop-everything event, while the 9.9 already fixed in Azure is a documentation footnote. Brinqa's AI layer, the engine behind vulnerability prioritization, weighs exploitability, reachability, and mitigating controls so your team works the first case first. This is exactly the machine-speed recalibration that the Exploitability Index critique calls for.

Ownership inference. At 570 core CVEs, findings without owners are findings without remediation. Brinqa’s inference capability analyzes patterns across exposure and asset data to identify likely owners for unassigned findings, closing a routing gap that manual triage cannot close at this volume.

SmartFlow-driven remediation routing. Findings route automatically to the right teams with context, SLA enforcement, and escalation. That is the operational answer to a world where 88% of critical KEVs are remediated slower than they are exploited and where Microsoft now recommends deployment deadlines measured in days.

Exploitation signal integration via BrinqaIQ. Your team works the flaws attackers are actually using, such as the AD FS and SharePoint zero-days, the June SharePoint bugs CISA just escalated, and the SonicWall SMA1000 pair, rather than whichever CVE carries the most dramatic score.

"Context — what is reachable, what is being exploited, what sits on your critical assets, and what your compensating controls already neutralize — is the only thing that turns a thousand-CVE month into a work queue."

Five Recommendations Before the August Window

1. Patch identity and collaboration infrastructure as one emergency change.

The exploited AD FS flaw, the exploited SharePoint flaw, the SharePoint 9.8 RCE pair, and the chain-breaking security feature bypass belong in the same accelerated window. Enable AMSI with Request Body Scan set to Full on SharePoint as the interim control, review AD FS and SharePoint access logs for signs of prior exploitation, and treat any internet-facing SharePoint farm as this month’s top priority regardless of what the severity column says.

2. Give virtualization hosts their own change window.

CVE-2026-57092 and the two Critical Hyper-V escalations mean a compromised guest workload can become a compromised host. A virtualization host outranks every guest it carries, so patch the platform before the tenants.

3. Audit Kerberos RC4 before you deploy, because the safety net is gone.

This update removes the RC4 rollback control from domain controllers. The sequence matters: audit RC4 usage through the Kerberos audit events Microsoft added in January, rotate passwords on RC4-dependent service accounts so they generate AES keys, and then patch. Patching first can mean authentication failures that you end up diagnosing in production.

4. Re-baseline your pipeline for vendor-confirmed permanent volume.

Microsoft has now said in writing that volumes go up from here and that deferral windows should shrink to days. If your intake, deduplication, triage, and routing needed heroics to absorb June, remember that July was nearly triple June, and no one has promised that August will regress. The metric to manage remains the one we have recommended since May: your Average Window of Exposure, the time from a confirmed exploitable vulnerability entering your environment to its validated closure. If producing that number still requires a spreadsheet, that is the project for the next four weeks.

5. Plan August as the compound event July was supposed to be.

The Glasswing 90-day report is overdue, the program’s expanded disclosure window closes in early August days before Black Hat, Adobe’s fourth-Tuesday installment lands July 28, Oracle’s CPU lands July 21, and August Patch Tuesday will carry the published half of a SharePoint RCE chain that the entire research community now knows exists. Assume the waves stack. Pre-stage the intake automation, escalation paths, and emergency change process now. This is the same advice we gave before July, with one difference: July has since demonstrated what happens when the preparation window is spent waiting.

April tied the record. May confirmed the floor. June broke the record outright. July nearly tripled it, and for the first time the vendor told us in advance, in writing, that this is the intended new normal, driven by its own AI discovery pipeline before the Glasswing wave has even begun to land. This was the month it stopped being realistic for a human to read every advisory in a Microsoft release, and Microsoft’s own advisory format now concedes as much. The teams that keep pace from here will not be the ones that read faster. They will be the ones whose platforms can decide faster, with the data, context, and automation to operate at the same machine speed as the discovery engines now filling the queue.

We will publish the August edition on the next Patch Tuesday.

If you’re working through what vendor-confirmed, AI-driven CVE volume means for your program, speak with a Brinqa Expert about where it stands today.

Meet with a Brinqa ExpertMeet with a Brinqa Expert

FAQs

It confirms that AI-driven vulnerability discovery is now permanent vendor practice, not a one-off surge. Microsoft told customers in advance to expect higher volumes in every release going forward while cutting deployment deadlines to zero-to-three days. Programs built around monthly, human-reviewed advisories can no longer keep pace — this volume requires automated deduplication, exploitability context, and asset-based prioritization to stay actionable.

Every major counting methodology agrees July nearly tripled June's record, which itself had stood for exactly one month. Core counts range from 569 (Tenable) to 622 (Microsoft's own Security Update Guide), plus 468 Edge/Chromium fixes — a combined patching workload of roughly 1,040 items, against a Q1 2026 baseline of just 84 core CVEs.

The two actively exploited zero-days — CVE-2026-56155 (AD FS elevation of privilege) and CVE-2026-56164 (SharePoint elevation of privilege) — take priority over every unexploited Critical in the release, including two CVSS 9.9 flaws that required no customer action at all. Severity score alone isn't a reliable triage signal this month: the single most urgent flaw is rated only 5.3.

MDASH is Microsoft's internal AI-powered vulnerability discovery system — a multi-model agentic scanning harness that validates candidate flaws through cross-model debate and a Windows-specific proving step before they reach an engineer. Windows chief Pavan Davuluri confirmed on July 9 that MDASH now feeds Microsoft's patch stream directly, and told customers to expect higher update volumes in every release from here on.

Anthropic's promised 90-day Glasswing summary report, expected around July 6, remains unpublished as of this writing. The program expanded in early July to more than 200 partner organizations across 15 countries, including critical infrastructure operators, and its coordinated disclosure window closes in early August — days before Black Hat — meaning the compound event hasn't been cancelled, only delayed and enlarged.

This update permanently removes the RC4DefaultDisablementPhase rollback switch, so domain controllers can no longer fall back to RC4-based Kerberos tickets once patched. Any service account, legacy application, or non-Windows integration still dependent on RC4 can fail authentication immediately. The safe order: audit RC4 usage via January's Kerberos audit events, rotate affected service account passwords to generate AES keys, then patch.

Brinqa's CyberRisk Graph™ normalizes findings from 260+ sources — including Tenable, Qualys, Rapid7, and Microsoft Defender — and correlates them against asset criticality, compensating controls, and real-world exploit intelligence. AI-powered deduplication consolidates overlapping scanner findings into single exposure records, ownership inference closes routing gaps, and SmartFlow automates remediation routing so teams work the flaws attackers are actually exploiting first.

SOURCES AND REFERENCES (UPDATED JULY 15, 2026)

1. Zero Day Initiative, The July 2026 Security Update Review, Dustin Childs, July 14, 2026. 621 Microsoft CVEs plus ~480 Chromium/Edge; 63 Critical; “bug apocalypse” and “mother of all releases”; YTD count exceeds every prior full year; Adobe bimonthly cadence. thezdi.com

2. BleepingComputer, Microsoft July 2026 Patch Tuesday Fixes Massive 570 Flaws, 3 Zero-Days, July 14, 2026. 570 day-of-release CVEs; 59 Critical; 254 EoP / 145 RCE breakdown; 468 Edge/Chromium excluded. bleepingcomputer.com

3. Tenable, Microsoft’s July 2026 Patch Tuesday Addresses 569 CVEs, July 14, 2026. 56 Critical, 510 Important; EoP 43.8%, RCE 25.1%; CVE-2026-55944 Dynamics NAV RCE analysis. tenable.com

4. Qualys, Microsoft and Adobe Patch Tuesday July 2026 Security Update Review, July 14, 2026. 570 CVEs, 57 Critical; 468 Edge/Chromium; CISA KEV deadlines; Adobe advisories. blog.qualys.com

5. Rapid7, Patch Tuesday – July 2026, Adam Barnett, July 14, 2026. 622 total, record 416 Windows CVEs; Security Update Guide restructuring; CVE-2026-55040 JWT bypass and the August RCE chain; SQL Server 2016 ESU transition. rapid7.com

6. CyberScoop, Microsoft Discloses ‘The Mother of All’ Vulnerability Loads, Tripling June’s Previous Record, Matt Kapko, July 14, 2026. Narang: 2,000 to 3,000+ CVE full-year projection versus the 1,245 record of 2020; 416 Windows / 82 Office / 46 Edge; SAP CVE-2026-44747 and CVE-2026-27690. cyberscoop.com

7. KrebsOnSecurity, Microsoft Patches a Record 570 Security Flaws, July 14, 2026. Narang on the Exploitability Index versus machine-speed exploitation; Mythos Preview proofs of concept for 13 of 14 “less likely” flaws; Ivanti (Goettl) on industry-wide cadence acceleration; Action1 (Bicer) on the Copilot RCE vector. krebsonsecurity.com

8. Help Net Security, AI-Driven Bug Hunting Fuels Record Microsoft Patch Tuesday, July 15, 2026. Zero-day details; AD FS DKM ACL hardening; Nightmare Eclipse LegacyHive PoC; CrowdStrike GreatXML note; CISA SharePoint hardening amid CVE-2026-32201 / CVE-2026-45659 exploitation. helpnetsecurity.com

9. Help Net Security / Ivanti (Todd Schell), July 2026 Patch Tuesday Forecast: Is CVE Tracking Still Practical?, July 10, 2026. “Patch Apocalypse” framing; RoguePlanet recap; Oracle CPU July 21; Mozilla bi-weekly cadence. helpnetsecurity.com

10. Microsoft Windows Experience Blog, Pavan Davuluri, July 9, 2026, via The Register, Microsoft Warns Customers AI Will Mean Busier Patch Tuesdays, July 10, 2026. MDASH multi-model agentic scanning harness; dedicated cloud scanning and proving infrastructure; higher update volumes. theregister.com

11. The Stack, Microsoft Expands AI Security Tools, Warns Busier Patch Tuesdays Ahead, July 2026. Davuluri quotes; MDASH at Windows scale. thestack.technology

12. Windows Forum / Petri, Windows AI Vulnerability Detection Expands, July 9, 2026. MDASH May 2026 debut; 16 vulnerabilities identified ahead of May Patch Tuesday; tightened deployment-deferral guidance. windowsforum.com

13. Malwarebytes, July 2026 Patch Tuesday Fixes 622 Microsoft CVEs, Including Three Zero-Days, July 15, 2026. Zero-day descriptions; both exploited flaws added to CISA KEV. malwarebytes.com

14. HackRead, Microsoft’s July 2026 Patch Tuesday Fixes 622 Flaws and 2 Exploited Zero-Days, July 15, 2026. Keeper Security (Barney) commentary; MDASH background. hackread.com

15. Security Affairs, Patch Tuesday Security Updates for July 2026, the Largest Update Ever, July 14, 2026. ZDI count context; CVE-2026-57092 VMSwitch 9.9; CVE-2026-55008 OWA XSS analysis. securityaffairs.com

16. Cybernews, Microsoft Fixes 570 Vulnerabilities in Record Patch Tuesday, Begins Kerberos Enforcement, July 14, 2026. RC4DefaultDisablementPhase removal; AES migration guidance. cybernews.com

17. Anthropic, Project Glasswing: An Initial Update, May 22, 2026. 10,000+ partner findings; open-source scan statistics; 75 patched at publication; maintainer overload; Claude Security beta. anthropic.com/research

18. Capacity, Anthropic Takes Project Glasswing to Critical Infrastructure Operators in 15 Countries, July 6, 2026. Roughly 150 new organizations across power, water, healthcare, and communications. capacityglobal.com

19. CSO Online, Project Glasswing Has Uncovered 10,000 Vulnerabilities: Anthropic, May 26, 2026. Disclosure and patch statistics; Info-Tech (Tauschek) commentary. csoonline.com

20. SonicWall PSIRT via BleepingComputer, SMA1000 Zero-Day Exploitation (CVE-2026-15409, CVE-2026-15410), July 2026. bleepingcomputer.com

21. SAP Security Patch Day July 2026 via BleepingComputer and CyberScoop. 16 fixes; three critical including NetWeaver CVE-2026-44747 (CVSS 9.9) and Approuter CVE-2026-27690. bleepingcomputer.com

22. Adobe Product Security Incident Response Team, July 2026 Security Bulletins APSB26-71 through APSB26-83. 88 CVEs across 12 bulletins; ColdFusion CVSS 9.9 Priority 1; move to second-and-fourth-Tuesday cadence. helpx.adobe.com

23. Qualys, The Broken Physics of Remediation, March 2026. 88% of critical KEVs remediated slower than exploitation. blog.qualys.com

24. CrowdStrike 2026 Global Threat Report. 27-second fastest breakout. crowdstrike.com

25. Google M-Trends 2026. Average time-to-exploit for the most serious vulnerabilities: minus seven days. cloud.google.com

26. NIST, NVD Operations Update, April 15, 2026; FIRST CVE Forecast 2026. nist.gov / first.org

B
Brad Hibbert
Chief Operating Officer & Chief Strategy Officer
Brad Hibbert brings over 30 years of executive experience in the software industry, with a proven track record of aligning business and technical teams to drive growth and customer success.
See all of Brad's posts

Move Faster with Better Context.

Request a DemoRequest a Demo