Cisco Talos — 2025 CVE retrospective (AI-related CVEs double)

AI relevance: Talos’ CVE review adds AI-specific keyword tracking (MCP, LLM platforms, Claude) and shows AI-related CVEs nearly doubled YoY — a concrete signal of rising exposure in AI tooling stacks.

• Talos counted 48,196 CVEs in 2025 (about 132 per day).
• They introduced a new method to track AI-related CVEs using keyword buckets (platforms, frameworks, products, AI concepts).
• Using this initial method, AI-related CVEs nearly doubled, from 168 → 330 year over year.
• “Model Context Protocol (MCP)” and “Claude” appeared in the data for the first time (absent in 2024).
• Talos cautions that CVE data misses non-CVE AI risks like jailbreaks, data extraction, and model inversion.
• KEV entries also rose, underscoring the need to treat known exploited vulns as urgent patch targets.

Why it matters

• AI stacks now show up in standard vulnerability feeds, which means AI ops teams need CVE hygiene on par with traditional software.
• Keyword-based tracking provides a baseline for risk trend monitoring and prioritization of AI components.
• The gap between CVE data and real-world AI threats highlights the need for additional controls beyond patching.

What to do

• Inventory AI components: Track AI frameworks, LLM runtimes, and agent tooling so CVEs can be mapped to owners.
• Subscribe to AI tooling advisories: Prioritize fixes when AI-related CVEs or KEVs land.
• Cover non-CVE risks: Pair patching with guardrails, prompt-injection defenses, and monitoring.

Sources

• Cisco Talos — Patch, track, repeat: The 2025 CVE retrospective
• OWASP LLM Top 10
• MITRE ATLAS
• CISA Known Exploited Vulnerabilities Catalog