Google Finds 100 Chrome Flaws in May Surge as AI Tools Accelerate Discovery
Updated
Updated · SecurityWeek · May 21
Google Finds 100 Chrome Flaws in May Surge as AI Tools Accelerate Discovery
5 articles · Updated · SecurityWeek · May 21
Google’s May 5 Chrome advisory listed 100 vulnerabilities found internally, after company-reported flaws had climbed from a handful in late March and early April to 16 on April 15 and 21 on April 28.
More than 70 vulnerabilities patched in the two most recent Chrome releases were also discovered by Google, reinforcing signs that internal AI and automation are sharply increasing the pace of flaw discovery.
Google has not said which model found the bugs, but it recently tied lower Chrome bug bounties to AI-driven remediation and said new AI can explain root causes, suggest fixes and uncover variants of known issues.
CodeMender, built with Gemini models, and other internal tools such as Big Sleep could be involved, while Google is also among about 50 organizations with access to Anthropic’s Claude Mythos.
The jump fits a broader industry pattern: Mozilla said Claude Mythos helped find more than 270 Firefox vulnerabilities, and Microsoft and Palo Alto Networks have also reported AI-assisted discovery gains.
Google's AI found 100+ Chrome bugs in one month. Should this make users feel safer, or more alarmed?
As AI finds software flaws faster than ever, are we getting safer or just accelerating a cyber arms race?
2026’s Unprecedented Spike in Software Vulnerabilities: How AI Is Reshaping Cybersecurity, Threats, and Defense
Overview
In May 2026, the cybersecurity world faced an unprecedented surge in software vulnerabilities, with Google Chrome standing out due to a dramatic rise in reported security flaws. A single Chrome update revealed 79 security issues, far more than previous updates, which had already shown a sharp increase. This wave of vulnerabilities included a range of problems, from UI spoofing to critical issues like out-of-bounds writes and heap buffer overflows, affecting multiple platforms and versions. The rapid escalation highlights a systemic shift in how vulnerabilities are discovered and patched, signaling a new era of heightened cyber risk.