The Headwinds are Compounding
Last issue closed with a simple claim: the inflection point is not coming, it arrived. April spent the month proving it.
Three reset moments and one quiet policy shift, all in four weeks. Discovery accelerated. Trust boundaries collapsed. The infrastructure we relied on to make sense of vulnerabilities formally stepped back. None of these were outliers. They are the same story told from four angles.
What actually happened in April
Mythos. Anthropic disclosed Claude Mythos Preview on April 7. The model autonomously found thousands of zero-day vulnerabilities across operating systems and browsers, including a 27-year-old OpenBSD bug and a 17-year-old remote code execution (RCE) flaw in the FreeBSD Network File System (NFS), catalogued in the Common Vulnerabilities and Exposures (CVE) database as CVE-2026-4747, that gave unauthenticated remote root. It weaponized 181 Firefox vulnerabilities into working exploits where the previous generation managed two. Anthropic decided not to release Mythos publicly and stood up Project Glasswing to share it with roughly fifty vetted partners. That is not a marketing decision. That is a capability the company itself believed was not safe to ship.
Copy Fail (CVE-2026-31431). Theori disclosed a Linux kernel logic flaw in the AF_ALG kernel crypto socket interface on April 29. A 732-byte Python script roots Ubuntu, Amazon Linux, Red Hat Enterprise Linux (RHEL), and SUSE. Every kernel since 2017. Theori found it in roughly an hour using their Xint Code system, with one operator prompt and no harnessing. The Cybersecurity and Infrastructure Security Agency (CISA) added it to the Known Exploited Vulnerabilities (KEV) catalog almost immediately. If your isolation story is containers on a shared host kernel, the threat model needs to be rewritten. Kubernetes nodes and continuous integration and deployment (CI/CD) runners are the priority surfaces.
Vercel. On April 19, Vercel disclosed a breach that started with a third-party AI tool. An employee at Context.ai was hit with Lumma Stealer infostealer malware in February. The attacker pivoted into a Vercel employee’s Google Workspace via Open Authorization (OAuth), into Vercel itself, and walked out with environment variables that were not marked sensitive and were therefore readable at rest. The database key and portions of source code went up for sale at $2M on BreachForums. The attack vector was not a zero-day in Vercel’s stack. It was the trust relationship with a small AI tool that nobody on the security team had inventoried.
National Vulnerability Database (NVD). On April 15, the National Institute of Standards and Technology (NIST) formally moved roughly 29,000 backlogged CVEs to “Not Scheduled” and announced that going forward, enrichment will be limited to KEV entries, federal-use software, and software defined as critical under Executive Order 14028. NIST will no longer recalculate Common Vulnerability Scoring System (CVSS) scores where a CVE Numbering Authority (CNA) has supplied one. CVE submissions are up 263% since 2020. The agency is doing more than it ever has and still cannot keep pace. For most CVEs from this point on, there is no centralized severity context, no normalized rating, no enriched Common Platform Enumeration (CPE) mapping. The “breach zone” between disclosure and signature is no longer a window that closes. It is the default state.
The pattern
Read those four together and the headwinds are visibly compounding.
AI offense is now real, present-tense, and accessible at a price point that does not require a nation-state. Discovery cost is approaching zero. The CVE pipeline the industry built its prioritization workflows on is no longer designed to keep pace, and the agency operating it has said so plainly. Trust boundaries that organizations assumed were safe, including third-party AI tools, OAuth integrations, and environment variables marked “non-sensitive,” are now first-class attack surfaces. And the bedrock everyone runs on, the Linux kernel, just had an eight-year-old privilege escalation bug surfaced in an hour by a tool one team built.
The common thread across all of it is context.
Mythos accelerates discovery, but the organizations that survive the shift are the ones with the context to triage, validate, and act on what gets surfaced. Copy Fail is exploitable on essentially every cloud Linux workload, but the right response depends on whether AF_ALG is reachable in your environment, whether your kernel is patchable inside your change window, and what your container isolation actually does at the host boundary. Vercel happened because a trust relationship with an AI tool was invisible to the inventory. The NVD retreat means the severity number you used to rely on now needs to be re-derived inside your environment, against your assets, with your exploitability signal.
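The triage logic sketched above (is the interface reachable on this host, is the kernel shared with other workloads, is there a score at all and who supplied it) written out as an added example in Python. It is not Surf's, Theori's or NIST's code. It assumes the NVD API 2.0 record layout, where NVD-computed scores carry `"type": "Primary"` and CNA-supplied ones `"type": "Secondary"`, and uses a constructed CVE record with a placeholder id and a made-up base score. The AF_ALG probe only opens and closes a socket, which needs no privileges, and returns False on non-Linux hosts, where the interface is compiled out, or where seccomp or an LSM blocks the socket family for the calling process.

```python
import socket
from dataclasses import dataclass
from typing import Optional, Tuple

# Added example (not Surf's, Theori's or NIST's code): re-derive a local
# priority for a CVE from environment context instead of waiting on NVD
# enrichment. Record shape assumed below is the NVD API 2.0 JSON layout.


def af_alg_reachable() -> bool:
    """Probe whether this process can open an AF_ALG kernel crypto socket.

    No privileges are needed. The call fails with EAFNOSUPPORT when the
    interface is not built into the kernel and with EPERM/EACCES when a
    seccomp profile or LSM blocks the family, so False means "not reachable
    from this process", which is the question that matters for triage.
    """
    af = getattr(socket, "AF_ALG", None)  # constant is absent on non-Linux
    if af is None:
        return False
    try:
        sock = socket.socket(af, socket.SOCK_SEQPACKET, 0)
    except OSError:
        return False
    sock.close()
    return True


def cvss_from_nvd_record(cve: dict) -> Tuple[Optional[float], str]:
    """Return (base score, who supplied it) for an NVD API 2.0 style record.

    NVD labels its own computed score "Primary" and a CNA-supplied one
    "Secondary". With enrichment scaled back, most records will carry only
    a Secondary score, or none at all.
    """
    primary = secondary = None
    metrics = cve.get("metrics", {})
    for key in ("cvssMetricV40", "cvssMetricV31", "cvssMetricV30"):
        for entry in metrics.get(key, []):
            score = entry.get("cvssData", {}).get("baseScore")
            if score is None:
                continue
            if entry.get("type") == "Primary" and primary is None:
                primary = float(score)
            elif entry.get("type") == "Secondary" and secondary is None:
                secondary = float(score)
    if primary is not None:
        return primary, "nvd"
    if secondary is not None:
        return secondary, "cna"
    return None, "none"


@dataclass
class HostContext:
    """Local facts the central feed cannot know."""
    in_kev: bool               # listed in the CISA KEV catalog
    interface_reachable: bool  # e.g. af_alg_reachable() run on the host
    shared_kernel: bool        # containers, pods or CI jobs share this kernel


def local_priority(score: Optional[float], source: str, ctx: HostContext) -> Tuple[str, str]:
    """Map feed data plus local context to a priority tier and a reason."""
    if ctx.in_kev:
        if ctx.interface_reachable and ctx.shared_kernel:
            return "P1", "known exploited, reachable, kernel shared with tenant workloads: patch or isolate now"
        if ctx.interface_reachable:
            return "P2", "known exploited and reachable: patch in the next change window"
        return "P3", "known exploited but not reachable here: patch on the normal cycle"
    if score is None:
        return "P3", "no score from NVD or the CNA: decide on local reachability, not on a number"
    if score >= 9.0 and ctx.interface_reachable:
        return "P2", f"critical score from {source} and reachable: patch in the next change window"
    return "P4", f"score {score} from {source}, not reachable or below critical: normal cycle"


def assess(cve: dict, ctx: HostContext) -> dict:
    """One record in, one decision out, with the evidence attached."""
    score, source = cvss_from_nvd_record(cve)
    tier, reason = local_priority(score, source, ctx)
    return {"cve": cve.get("id"), "score": score, "source": source, "tier": tier, "reason": reason}


# Constructed sample record with a placeholder id and a made-up score: only a
# CNA ("Secondary") score, which is how records will look once NVD stops
# recalculating scores that a CNA has already supplied.
SAMPLE_CVE = {
    "id": "CVE-YYYY-NNNNN",
    "metrics": {"cvssMetricV31": [
        {"source": "cna@example.invalid", "type": "Secondary",
         "cvssData": {"baseScore": 7.8}}]},
}

if __name__ == "__main__":
    ctx = HostContext(in_kev=True, interface_reachable=af_alg_reachable(), shared_kernel=True)
    print(assess(SAMPLE_CVE, ctx))
```

Run it on a Kubernetes node or CI runner and the tier reflects that host, not the feed: the same KEV entry lands at P1 where the crypto socket interface is open to tenant workloads and at P3 where a seccomp profile already closes it. Swapping `af_alg_reachable` for a probe of whatever interface the next bug lives on leaves the rest of the decision unchanged.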
Hygiene was always the floor. Context is the ceiling. The gap between them is widening, fast.
That gap is exactly what we are building Surf to close. April did not change our roadmap. It validated it.
From RSA to Gartner
RSA was six weeks ago, but the through-line from the floor conversations there to what April put on the table is unmistakable. Mythos, Copy Fail, the Vercel chain, and the NVD shift have come up in nearly every meaningful exchange since, and the framing that has consistently resonated with peers is the simple one: hygiene is the floor, context is the ceiling, and the gap between them is now the program. The vendors selling activity are getting polite nods. The operators talking about decisions and outcomes are getting follow-ups.
Up next is the Gartner Security and Risk Management Summit at National Harbor in June. Different audience, different format, same underlying argument with sharper edges based on what we heard in San Francisco and what April delivered on top of it. If you are there, find me.
If you are seeing the same patterns in your environment, I want to hear about it. The peers who tell each other the truth about what is actually happening on the ground are the ones who get through periods like this one with their organizations intact.
More soon.
Yonesy Núñez
CISO, Surf AI
Yonesy Núñez is a five-time CISO with over two decades of experience securing some of the world's most complex financial institutions, including DTCC, Jack Henry, and Wells Fargo, and currently serves as CISO of Surf AI.
