AI is reshaping vulnerability management… and reshaping policy debates along with it. From Anthropic’s suspension of its Fable5 and Mythos models amid jailbreaking concerns and an export control directive, to companies talking of bundling CVEs, to a proposed codification of the CVE program as an amendment to the annual defense policy bill, there’s a lot to unpack.
Join Institute for Security and Technology friends and adjunct advisors (and some CVE board members!) for a lively conversation. How should policymakers think about vulnerability scoring, vulnerability density, and exploit chaining in this brave new world? Is CISA’s BOD 26-04 the right approach? What are initial reactions to the CVE bill? Bring your thoughts, hot takes, and questions!
