Kerry Kier

Posted on • Originally published at blog.vertexops.org

Your Patch SLA Was Written for a Different World

Here is what May 2026 looked like if you run infrastructure with any meaningful Microsoft, Palo Alto, or Oracle footprint.

Microsoft's Patch Tuesday dropped well over 100 vulnerabilities. Two of them -- CVE-2026-41089 and CVE-2026-41096 -- are CVSS 9.8, unauthenticated, network-reachable remote code execution flaws. CVE-2026-41089 is a stack-based buffer overflow in Windows Netlogon. An attacker sends a crafted packet to a domain controller, no credentials required, and gets code execution. CVE-2026-41096 is a heap-based buffer overflow in the Windows DNS Client -- the one that runs on essentially every Windows machine -- exploitable via a malicious DNS response. You also have four Word Preview Pane RCEs that fire without the user opening an attachment. Receiving the email is enough.

Same week, Palo Alto Networks disclosed 75 security vulnerabilities in a single advisory -- roughly seven times their typical monthly volume. The reason: they ran frontier AI models against their own codebase for the first time at scale. Oracle announced it is moving from quarterly to monthly Critical Security Patch Updates starting May 28, explicitly because AI-accelerated vulnerability discovery made quarterly cadence untenable. The Secure Boot certificate deadline is June 26. That one has no extension.

None of those land in the same maintenance window. Domain controller patches run on a different schedule from DNS infrastructure. Appliance firmware runs on a different schedule from both. Office updates may or may not align with your OS cumulative update. Database windows are their own thing entirely. And all of it is happening simultaneously.

This is not a one-time surge

The reason May looks like this is structural, not incidental.

Mozilla ran an AI-assisted scan against the Firefox codebase and fixed 423 security bugs in April alone. Their 2025 monthly average was 21. Palo Alto's typical disclosure volume before the AI scan was a fraction of what they just disclosed. Microsoft's multi-model agentic scanning harness, MDASH, found 16 Windows vulnerabilities in a single scanning cycle -- 4 of them critical RCE -- by coordinating over 100 specialized AI agents across the codebase. Microsoft is on pace to exceed the all-time annual CVE record set in 2020, with five months still to go.

These aren't one-time exercises. Palo Alto said explicitly they are rescanning and intend to find and fix everything before the same capabilities become broadly available on the attack side. Mozilla is treating AI-assisted scanning as an ongoing part of their security cycle. Oracle just restructured a patching program that had been quarterly for roughly two decades.

Mozilla's engineers described the dynamic plainly: it's cheap and easy to prompt an AI to find a problem in code, but slow and expensive to respond to it.

That sentence is the whole problem. The finding side just got dramatically faster. The fixing side -- your team, your maintenance windows, your change management process, your SLAs -- has not.

What your SLA was actually written for

Most critical CVE deployment SLAs were designed for a world where a heavy patch month meant a few dozen issues from Microsoft and maybe a handful from your other vendors. Where the operational question was which of the 5-10 critical items needed emergency treatment versus which could wait for the scheduled window. Where quarterly Oracle patching was a known, plannable event.

When a single AI-assisted vendor scan generates 75 vulnerabilities and every major vendor in your stack starts operating on that cadence simultaneously, the math on your SLA breaks. The emergency lane floods. The team spending time on emergency triage has less time for the steady-state queue, which backs up, which creates its own pressure the following cycle.

The answer is not working more hours. It is having more precise prioritization -- the ability to accurately identify what is exploitable, reachable from your actual network topology, and worth emergency treatment, versus what is real but low-urgency and can run through a normal window. CVSS scores alone do not give you that. A 9.8 on a service you don't run is not the same operational priority as a 7.2 on something internet-facing.
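The prioritization described above, as an added worked example that is not code from the original post: each CVE is ranked by whether the affected component is actually deployed, whether any exposed asset is internet-facing, and whether the flaw is remotely exploitable without credentials, rather than by CVSS alone. The asset inventory, the tier rules and the CVE-EXAMPLE-* entries are constructed for illustration; the two CVE-2026-* entries are the Netlogon and DNS Client flaws the post describes, with the attributes the post gives them.

```python
"""Exposure-aware patch triage: rank CVEs by what is deployed, reachable
and exploitable rather than by raw CVSS score.

Added example, not code from the original post. The inventory, tier rules
and CVE-EXAMPLE-* entries are constructed; the CVE-2026-* entries carry the
attributes the post states (CVSS 9.8, unauthenticated, network-reachable).
"""
from __future__ import annotations

from dataclasses import dataclass
from enum import IntEnum


class Tier(IntEnum):
    EMERGENCY = 0       # out-of-band change, patch immediately
    NEXT_WINDOW = 1     # next scheduled maintenance window
    BACKLOG = 2         # normal queue
    NOT_APPLICABLE = 3  # affected component is not in the inventory


@dataclass(frozen=True)
class Vuln:
    cve: str
    component: str           # software component the fix applies to
    cvss: float
    unauthenticated: bool    # no credentials needed to trigger
    network_reachable: bool  # remote attack vector
    known_exploited: bool = False


@dataclass(frozen=True)
class Asset:
    name: str
    components: frozenset[str]
    internet_facing: bool
    criticality: int  # 1 (low) .. 3 (high, e.g. domain controllers)


def exposed_assets(vuln: Vuln, inventory: list[Asset]) -> list[Asset]:
    """Assets that actually run the affected component."""
    return [a for a in inventory if vuln.component in a.components]


def triage(vuln: Vuln, inventory: list[Asset]) -> Tier:
    """Pick the handling lane from exploitability and real exposure (constructed rules)."""
    hosts = exposed_assets(vuln, inventory)
    if not hosts:
        return Tier.NOT_APPLICABLE  # a 9.8 on a service you don't run
    remote_unauth = vuln.unauthenticated and vuln.network_reachable
    internet = any(a.internet_facing for a in hosts)
    top_criticality = max(a.criticality for a in hosts)
    if vuln.known_exploited or (remote_unauth and (internet or top_criticality == 3)):
        return Tier.EMERGENCY
    if vuln.cvss >= 7.0 and (internet or top_criticality >= 2):
        return Tier.NEXT_WINDOW
    return Tier.BACKLOG


def build_queue(vulns: list[Vuln], inventory: list[Asset]) -> list[tuple[str, str]]:
    """Return (cve, tier name) pairs ordered by lane, then by CVSS within a lane."""
    ranked = sorted(vulns, key=lambda v: (triage(v, inventory), -v.cvss))
    return [(v.cve, triage(v, inventory).name) for v in ranked]


# Constructed inventory: four asset classes with different exposure profiles.
INVENTORY = [
    Asset("dc01", frozenset({"windows-netlogon", "windows-dns-client"}), False, 3),
    Asset("workstations", frozenset({"windows-dns-client", "office-word"}), False, 1),
    Asset("edge-vpn", frozenset({"vpn-appliance"}), True, 2),
    Asset("backup01", frozenset({"backup-agent"}), False, 2),
]

# CVE-2026-* attributes are from the post; CVE-EXAMPLE-* entries are constructed.
MAY_BATCH = [
    Vuln("CVE-2026-41089", "windows-netlogon", 9.8, True, True),
    Vuln("CVE-2026-41096", "windows-dns-client", 9.8, True, True),
    Vuln("CVE-EXAMPLE-0001", "vpn-appliance", 7.2, True, True),  # internet-facing host
    Vuln("CVE-EXAMPLE-0002", "erp-database", 9.8, True, True),   # component not deployed
    Vuln("CVE-EXAMPLE-0003", "backup-agent", 8.1, False, True),  # needs credentials
]

if __name__ == "__main__":
    for cve, tier in build_queue(MAY_BATCH, INVENTORY):
        print(f"{tier:<14} {cve}")
```

Run as-is, the constructed 7.2 on the internet-facing VPN appliance lands in the emergency lane alongside the two 9.8 Windows flaws, while the constructed 9.8 against a component nobody runs drops out of the queue entirely. The thresholds are deliberately simple; the point is that the inputs to the decision are inventory and exposure data you own, not the vendor's score.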

The long tail problem

One more thing worth naming. The vendors running AI-assisted scanning right now are the largest ones -- Microsoft, Oracle, Palo Alto, Mozilla. Their products are getting measurably more secure. The thousands of smaller vendors in your software supply chain -- the monitoring agents, the backup clients, the authentication middleware, the VPN tools -- are not running these programs yet.

As the large vendors harden, the relative attractiveness of the long tail increases. Adversarial pressure goes where resistance is lowest. The practical implication: your vendor risk assessments need a new question. Does this vendor have an AI-assisted scanning program? What is their current CVE disclosure cadence and do they expect it to change? The answer tells you something real about their security posture that a SOC 2 report does not.

The short version

The patch queue is now the constraint, not the vulnerability discovery process. If your team's SLA, escalation paths, and maintenance window structure were designed for pre-AI disclosure volumes, they need a review before the next wave of first-time AI scans lands across your vendor stack.

The finding side of this problem is solved. The fixing side is on you.


Full technical breakdown with the specific May CVE data and the structural analysis: blog.vertexops.org/patch-queue-vulnerability
