We've discovered 385 zero-days. Here's what we did with them.
Ravi Pandey
Securin Team
June 8, 2026
As of June 2026, Securin researchers have discovered 385 zero-day findings and disclosed every one to upstream maintainers. Two were published in the past 30 days. Both were validated. Both are fixed. That last word is the one that matters. In a market full of vulnerability counts and discovery leaderboards, fixed is the hardest thing to claim — and the only one that actually reduces risk. A finding without validation is a hypothesis. A disclosure without coordination is noise. A CVE without remediation context is just a number on a list. Securin owns the full chain: discovery, validation, coordination and fix. That's what makes 385 meaningful.
More signal, less noise
AI has changed what's possible in zero-day research. Candidates that once took weeks to surface can now be identified at scale. But candidates are cheap. Confirmed, disclosed and remediated vulnerabilities are not. Securin’s AI workflows have surfaced 318 zero-day candidates, with a 90.4% true-positive rate (264 out of 292 manually reviewed candidates were confirmed as real vulnerabilities).
Severity followed the same pattern: across 226 compared findings, Securin’s assessment matched practitioner-validated severity exactly 73% of the time, and landed within one band 96.9% of the time.
A public record you can follow in real time
We're publishing our zero-day research as a living record, updated as findings move through the disclosure pipeline. It's searchable by CVE, vendor, product, CVSS score, vulnerability class and disclosure date — with technical artifacts where possible.
Bookmark it and you'll know what we found, what was confirmed, what was disclosed, and what got fixed — before it becomes a problem for your organization.
As an authorized CNA and GNA under the CISA, MITRE and EU GCVE programs, Securin supports the full disclosure path. That means CVE assignment, vendor coordination and publication — not just discovery.
For CISOs: this creates verified intelligence on the software your organization actually runs.
For analysts and reporters: it provides a citable public record.
For independent researchers: it’s a path through the hardest parts of disclosure: CVE assignment, vendor coordination and publication.
For defenders: it turns each advisory into something operational: root-cause analysis, exploit chains, CWE mapping, CVSS scoring and remediation context.
Securin’s zero-day research operation combines frontier AI models with a decade of offensive expertise – discovering, validating and coordinating high-impact vulnerability disclosures at a scale and speed no human team can achieve alone.
Share this post on:
