Policy Pulse - Issue #22 | Week of June 28, 2026

Your weekly briefing on cybersecurity policy affecting vulnerability disclosure and security research.

Top Story

Government Gatekeeping of AI Cyber Models Hardens — OpenAI's GPT-5.6 Sol Joins Anthropic Mythos 5 Behind Federal Wall

The US government's new model-access regime for frontier AI with offensive cyber capabilities locked in a second time this week. OpenAI previewed GPT-5.6 Sol on June 26, restricting access to government-approved customers only after ONCD and OSTP asked the company to limit deployment. The model scored 96.7% on OpenAI's internal cyberattack benchmark, placing it in the "High" risk tier under the company's own framework. An August 2026 classified evaluation deadline now hangs over the model's broader release.

This follows Commerce Department clearance of Anthropic's Mythos 5 on June 27, authorizing deployment to "a small group of cyber defenders and infrastructure providers" per the Commerce letter — the first model cleared under the June 2 Executive Order's voluntary 30-day pre-release review process. Fable 5 remains blocked. The parallel is hard to miss: within 72 hours of issue #21's publication, two of the most capable cyber models in existence are under US government gatekeeping regimes, with divergent levels of transparency depending on which side of an NSA/CISA classified wall you sit.

The asymmetry that matters most for the research community: the UK's AI Security Institute continues publishing detailed capability evaluations (its May benchmarking found autonomous cyber capability doubling every 4.7 months, with Claude Mythos Preview the first model to autonomously chain an end-to-end intrusion). The US Center for AI Standards and Innovation (CAISI), which had completed 40+ public evaluations, was directed to stop publishing findings post-EO, moving assessment authority behind a classified framework. Allied transparency diverges sharply from US opacity. Security researchers, coordinated disclosure programs, and VDP operators are not in the "vetted defenders" set receiving early access.

Why it matters for VDP: The government-gated release of models explicitly designed for vulnerability discovery creates a bifurcated disclosure ecosystem: state-mediated channels handling AI-found vulnerabilities on one side, traditional researcher-to-vendor coordinated disclosure on the other. Where AI-discovered zero-days flow, and under what safe-harbor conditions, is now an open policy question with no public answer.

📎 Throwback: In Issue #21, we covered the Commerce Department's initial clearance of Mythos 5 for US critical infrastructure; this week GPT-5.6 Sol confirms the government-gating precedent is structural, not a one-off.

Upcoming Deadlines & Events

This Week in Policy

AI & Emerging Tech Security

• CVE forecast heads toward 66,000 in 2026 as AI-discovery pipeline strains coordinated disclosure: FIRST projects approximately 66,000 CVEs for 2026, with AI-driven discovery pipelines — including the Mythos coalition sitting on thousands of zero-days entering coordinated disclosure over the coming year — already stressing 90-day disclosure norms. Cisco and CSA have both published arguments that traditional VDP intake cannot absorb machine-scale, working-exploit-quality reports without structural changes. (Help Net Security, CSA whitepaper)

• CAISI ordered to stop publishing AI model evaluations; UK AISI continues: Following the June 2 Executive Order, the US Center for AI Standards and Innovation was directed to halt public model evaluations, with assessment authority shifting to a classified NSA/CISA-run framework. The UK AI Security Institute, by contrast, continues releasing detailed public capability research. The divergence creates information asymmetry across Five Eyes partners and is the most significant near-term impact on the AI safety research community. (Lawfare, Crypto Briefing)

CVE & Vulnerability Programs

• Cisco Catalyst SD-WAN zero-day exploited two months before public disclosure: CVE-2026-20245, a Cisco Catalyst SD-WAN path traversal bug added to KEV, was actively exploited approximately two months before its public disclosure date. The gap between exploitation and coordinated-disclosure completion is the exact window VDP programs exist to compress — and this case quantifies what uncoordinated disclosure costs defenders. (CISA KEV)

• CISA opens public KEV nomination channel for researchers: CISA launched a structured public intake form allowing any researcher, vendor, or organization to nominate CVEs for KEV catalog inclusion, with fields for CVE ID, active-exploitation evidence, and mitigation status. This supplements the legacy email path with a machine-readable intake mechanism. (ExecutiveGov)

• CISA adds PTC Windchill and Cisco Unified CM to KEV catalog (June 25): CVE-2026-12569 (PTC Windchill/FlexPLM improper input validation) and CVE-2026-20230 (Cisco Unified Communications Manager SSRF) added based on active exploitation evidence. Both carry a 21-day federal remediation deadline under the BOD 26-04 SSVC risk model. (CISA)

Federal Strategy & Regulation

• AI Cybersecurity Clearinghouse takes shape: The June 2 AI Executive Order directs Treasury, ONCD, NSA, and CISA to stand up an AI cybersecurity clearinghouse to deconflict AI-driven vulnerability scanning, validate AI-found vulnerabilities, and coordinate patch distribution. ONCD is separately building a disclosure framework for sensitive AI-generated dual-use findings. The combination — new intake channel, new triage authority, new safe-harbor question — is the federal coordination regime for AI-discovered vulnerabilities being assembled in real time. (White House EO)

Legal & Researcher Protections

• Copyright Office opens DMCA Section 1201 tenth triennial: petition deadline August 24: The US Copyright Office formally initiated the 2027 triennial proceeding on June 9, opening the window to renew and expand the security-research circumvention exemption. Petitions for new exemptions and renewals are due August 24, 2026; comments on renewal petitions close September 28. This is also the first triennial since the Office denied an AI-security-research exemption in 2024 — advocacy groups can re-argue it. (Copyright Office)

• UK Computer Misuse Act reform's statutory defence would protect roughly 300 of 69,600 professionals: Analysis presented at CyberUK 2026 found the draft statutory defence folded into the National Security Bill covers only UK nationals holding active UK Cyber Security Council chartership, and covers scanning alone — excluding bug-bounty hunters, independent researchers, and agentic AI workflows. If enacted as drafted, UKCSC chartership becomes a de facto licensing requirement for lawful research, a credentialing-as-gating-mechanism precedent the rest of the Five Eyes will watch closely. (Computer Weekly, TechTimes)

International Developments

• EU CRA Single Reporting Platform not yet formally operational with September 11 deadline 75 days out: A June 12 client alert confirmed ENISA committed to publishing SRP manuals during June 2026 but the platform is not yet formally set up, despite the 24-hour exploitation-reporting obligation activating September 11. Every manufacturer selling digital products in the EU needs a functioning CVD policy and reporting pathway by that date. The readiness gap is the nearest-term operational watch item for any VDP program operating in or selling to EU markets. (Crowell)

• UN Cybercrime Convention: three ratifications, 37 short of entry into force: Qatar (first, February 2026), Azerbaijan, and Vietnam have ratified, against the 40 required; the convention remains open for signature through December 31, 2026. Civil-society concern persists that the treaty's state-centric evidence-sharing architecture is structurally incompatible with good-faith coordinated disclosure norms. The slow ratification pace is, strategically, a remaining window in which safe-harbor advocacy has leverage. (UNODC)

NIST Frameworks

• NIST publishes IoT product cybersecurity requirements draft for federal procurement (SP 800-213 Rev. 1): Published June 24, this is NIST's first IoT draft that uses requirement language rather than voluntary guidance, scoping federal procurement of connected devices. Comment deadline is August 24, coinciding with the DMCA petition deadline. (NIST CSRC)

Worth Reading

• Lawfare: "Voluntary — Until the Government Is Your Customer": Sharp analysis of how the June 2 AI EO's "voluntary" framing gives way to market coercion once labs depend on government contracts — the cleanest explainer on the structural dynamic behind GPT-5.6 Sol and Mythos 5's gated releases.

• UK AISI: "How Fast Is Autonomous AI Cyber Capability Advancing?": The empirical spine behind this week's policy cascade — AISI's May benchmarking found autonomous task completion doubling every 4.7 months and documented the first model to autonomously chain an end-to-end intrusion. Read this to understand what the EO is reacting to.

• CSA: "The AI Agent Disclosure Accountability Gap": CSA's whitepaper on the structural mismatch between AI-scale vulnerability discovery and human-paced VDP intake — argues the 90-day coordinated disclosure window is being rendered operationally obsolete, and sketches what a revised disclosure framework would need to look like.

• VulnCheck: "The First CVE Wave": Tracking the imminent arrival of AI-discovered CVEs into the public disclosure pipeline — expect the first wave from Project Glasswing-type programs by July 2026, and this piece models what the volume and quality profile will look like.

Friends of disclose.io

Cloud Security Alliance: The AI Agent Disclosure Accountability Gap

CSA's April 2026 whitepaper is the most direct community-partner engagement with the problem that defines this issue's story arc: coordinated disclosure norms were built for human-paced research, and AI-scale discovery is about to render them insufficient. The paper identifies what CSA calls an "AI agent disclosure vacuum" — a structural gap where AI agents discovering vulnerabilities at machine speed have no clear disclosure pathway, no safe harbor coverage, and no triage infrastructure capable of processing the volume.

The key finding is not alarmist: it is architectural. The 90-day coordinated disclosure window emerged from empirical research on how long organizations need to patch after notification. That assumption is still approximately true for patching speed. It is not true for discovery speed, which AI has already compressed by orders of magnitude. CSA's proposed fix involves three layers: a machine-readable intake format for AI-discovered vulnerabilities, a fast-lane triage track for high-confidence, working-exploit-quality findings, and explicit safe-harbor language that covers AI-assisted research in the same way the disclose.io Global Standard Safe Harbor covers human researchers.

The disclose.io community is precisely the audience whose input should shape what a revised framework looks like. The paper is a call to engage.

Key findings:

• AI agents discovering vulnerabilities faster than humans can process disclosures creates an "intake overload" failure mode for VDP programs
• Current safe harbor frameworks do not explicitly cover AI-assisted or AI-autonomous vulnerability research
• A machine-readable AI disclosure format and a fast-lane triage track are the two highest-leverage structural changes
• The first AI-discovered CVE waves are expected to hit public disclosure pipelines by mid-2026, making the timeline for framework updates short

📄 Read the CSA whitepaper

CSA's Labs team has been tracking the intersection of AI and vulnerability disclosure since 2024, and this paper is their most operationally specific analysis to date.

Policy Pulse is a weekly bulletin from disclose.io. Keeping the security research community informed on policy that affects our work.

Have a tip or want to contribute? Reply to this email, reach out on Twitter/X, or drop a comment here!