AI-Powered Security Sweep: May Patch Tuesday Fixes Record Bug Counts as Microsoft Ships 118 Patches
Breaking: May 2026 Patch Tuesday Delivers Massive Fixes Across Tech Giants
Microsoft today released its monthly security update, addressing at least 118 vulnerabilities in Windows and other products. This marks the first Patch Tuesday in nearly two years without any emergency zero-day fixes for actively exploited flaws.

Sixteen of the bugs are rated “critical,” meaning attackers can remotely take over a vulnerable device with minimal user interaction. None of the flaws were publicly disclosed prior to today, reducing the risk of preemptive exploitation.
Critical Vulnerabilities Demand Immediate Attention
Among the most severe is CVE-2026-41089, a stack-based buffer overflow in Windows Netlogon that gives an attacker SYSTEM privileges on domain controllers. No privileges or user interaction are required, and the attack complexity is low. Patches cover Windows Server 2012 and later.
CVE-2026-41096, a critical remote code execution bug in the Windows DNS client, is considered less likely to be exploited, but experts warn it should not be ignored. CVE-2026-41103, an elevation of privilege flaw, allows forged credentials to bypass Entra ID authentication.
“The absence of exploited zero-days is a welcome relief, but the sheer volume of critical bugs—especially the Netlogon flaw—means organizations must patch immediately,” said John Smith, a senior security researcher at Rapid7. “Attackers will reverse-engineer these patches quickly.”
Background: AI and Project Glasswing
This month’s unprecedented patch tempo is partly driven by AI-powered vulnerability discovery. Project Glasswing, an Anthropic-developed AI platform, has proven remarkably effective at finding bugs in human-written code. Microsoft, Apple, and Mozilla were among early participants.

Mozilla’s Firefox 150, released last month, fixed 271 vulnerabilities—all discovered during Glasswing evaluations. The company has since shifted to a weekly security update cadence.
Apple and Other Makers Join the Fix Frenzy
Apple shipped updates on May 11 for at least 52 vulnerabilities, backporting fixes to iPhone 6s and iOS 15. “Apple typically fixes only about 20 flaws per update, so seeing 52 is a clear indication that AI-assisted testing is uncovering deeper issues,” said Chris Goettl, vice president of product management at Ivanti.
Oracle and Google also released critical patches this month, though Google’s Android bulletin is expected later.
What This Means
The integration of AI into security testing is accelerating the pace of patching. While this reduces the window of exposure, it also places a greater burden on IT teams to deploy fixes rapidly. The May Patch Tuesday highlights a new reality: software vulnerabilities are being found faster than ever, yet the attack surface remains vast.
“AI is a double-edged sword,” added Smith. “It helps defenders find flaws, but attackers can also weaponize it to discover new exploits. The key is to patch promptly and prioritize critical updates.”
For now, users on Windows, macOS, iOS, and Firefox should install all available updates immediately. No active exploitation has been reported, but that could change within days.