Skip to content
The AI-First Web

1,623 Exploited Vulnerabilities. AI Agents Inherit Every One.

1,623 KEV entries, 100 with active exploitation. AI agents browsing autonomously inherit every one.

· 4 min read
Share on X LinkedIn
1,623 Exploited Vulnerabilities. AI Agents Inherit Every One.

The Inherited Attack Surface

CISA's Known Exploited Vulnerabilities catalog has reached 1,623 entries as of June 2026. Each entry represents a vulnerability that has been confirmed as actively exploited — not theoretically exploitable, not potentially dangerous, but confirmed in use by attackers against real targets. Of those 1,623 entries, 100 score above 50% on FIRST.org's Exploit Prediction Scoring System, indicating ongoing active exploitation with high probability.

This catalog was built for a web where humans browse. A human encountering a compromised website might notice unusual behavior — unexpected redirects, missing content, browser warnings. They might close the tab. An AI agent browsing the same site has no such intuition. It follows instructions. If a compromised WordPress installation serves a malicious payload disguised as legitimate content, the AI agent processes it as legitimate content. The agent does not evaluate trustworthiness. It evaluates relevance.

1,623
CISA KEV entries
Confirmed actively exploited vulnerabilities. Source: CISA KEV (June 2026)
100
KEV entries with EPSS > 50%
Ongoing high-probability exploitation. Source: FIRST.org EPSS (June 2026)

The Agent Browsing Problem

Fifty-seven point five percent of web traffic is now generated by bots, according to Cloudflare's 2026 data. A growing fraction of that traffic comes from AI agents — systems that browse, extract, synthesize, and act on web content autonomously. These agents operate on behalf of users and organizations, performing research, monitoring competitors, aggregating information, and executing transactions.

When an AI agent visits a website running a framework with known exploited vulnerabilities, the agent does not scan for CVEs. It does not check the KEV catalog. It reads the content and follows links. If the site has been compromised through one of the 1,623 KEV entries and is now serving manipulated content, the agent incorporates that content into its outputs. The compromise propagates not through the traditional exploit chain — malware, lateral movement, data exfiltration — but through information contamination. The agent trusts the content. The content has been altered. The agent's outputs reflect the alteration.

57.5%
Web traffic from bots
Source: Cloudflare Radar (2026)

EPSS and the Probability Dimension

FIRST.org's EPSS assigns a probability score to each CVE, estimating the likelihood that it will be exploited in the next 30 days. Among the KEV catalog entries, React carries entries with an EPSS score of 1.00 — a 100% exploitation probability. This is not a prediction. It is a measurement of ongoing exploitation activity. When a vulnerability scores 1.00 on EPSS, it means exploitation is not a future risk. It is a current condition.

The convergence of three data points defines the emerging risk surface: 1,623 confirmed-exploited vulnerabilities in the KEV catalog. AI agents browsing autonomously without the ability to evaluate site integrity. And 57.5% of web traffic already generated by non-human systems. The web's attack surface was built by and for human browsers. AI agents operate on the same surface without the human's ability to recognize when something is wrong.

For organizations deploying AI agents, the framework powering the websites those agents visit is no longer someone else's problem. It is a supply chain dependency. An AI agent that retrieves data from a compromised legacy CMS and incorporates it into business decisions has extended the CMS vulnerability into the organization's decision-making process. The KEV catalog is not just a list for system administrators. It is a risk register for every organization whose AI agents browse the open web.

1.00 (100% exploitation probability)
React KEV EPSS score
Source: FIRST.org EPSS (June 2026)
Share this insight