Security · 1h ago
Microsoft's AI-driven patches tripled CVEs in four months
Microsoft warned that AI would increase security update volume, but provided no numbers. Analysis of its Security Update Guide shows the July 2026 patch batch contained 1,150 CVEs, three times the pre-AI average of 383. Severity also rose, with median CVSS up from 6.5 to 7.5 and remote code execution quadrupling.
Meridian48 take
The data confirms Microsoft's vague warning was an understatement, but the 38% of unscored CVEs (likely Chromium bugs) leaves room for skepticism about the true severity distribution.
Read the full reporting
Microsoft said the patches would get bigger. I measured how much bigger. →
DEV Community
microsoft-patchescve-analysis