The July 14 Patch Tuesday did not go as expected. Monday’s brief previewed a 100-to-140-CVE release, based on advance tallies from Microsoft’s Security Update Guide. The actual release carried 570 vulnerabilities, including 59 rated Critical, with two confirmed actively exploited zero-days and one publicly disclosed BitLocker bypass requiring physical access. A four-to-five times overshoot of the forecast is not a rounding error. Microsoft attributed the volume surge explicitly to AI-powered code scanning sweeping the Windows codebase at a pace that manual review cannot match.

That explanation matters more than the CVE count. If AI tooling is systematically accelerating vulnerability discovery inside Microsoft’s own engineering organization, the same effect is playing out across the industry simultaneously, and the coordinated disclosure system, the patch validation pipelines, the enterprise triage operations, none of them were designed to handle that rate. On the same day Patch Tuesday landed, the White House announced Gold Eagle: a joint Treasury, DHS, and Pentagon initiative to coordinate AI-discovered vulnerabilities through Carnegie Mellon’s VINCE platform. The policy and the problem arrived in the same 24-hour window. That is not coincidence; it is the government acknowledging that the triage capacity problem is already here.


The Two Zero-Days Tell an Incident Response Story

CVE-2026-56164, an elevation-of-privilege flaw in SharePoint Server, was credited to researchers at Mandiant and Google Cloud. CVE-2026-56155, a privilege escalation in AD FS, was credited to Microsoft’s own Detection and Response Team. Both credits are tells. Mandiant and Google Cloud researchers discover vulnerabilities during incident response, not proactively in research labs. DART finds vulnerabilities when Microsoft sends its own responders into a compromised environment. Both attributions point toward the same conclusion: these flaws were not found in advance of exploitation. They were found because someone was already inside a victim’s network when the researchers arrived.

SharePoint EoP and AD FS privilege escalation together describe a realistic identity-access kill chain. AD FS is a common authentication broker for federated environments; SharePoint is a high-value document store with deep Active Directory integration. An attacker with initial network access who escalates via AD FS and then pivots to SharePoint with elevated token authority can achieve significant horizontal movement without touching traditional endpoint-based detection surfaces. The combination is not an academic scenario; it is the exact pattern Microsoft DART encounters in enterprise compromises where attackers dwell undetected inside identity infrastructure. The fact that both CVEs were discovered mid-engagement, confirmed exploited, and released simultaneously suggests they may have appeared in the same or related intrusions before Microsoft could separate and disclose them independently.

The third notable flaw, CVE-2026-50661, permits BitLocker bypass with physical access. The bar is higher and the threat model is narrower, but for organizations with field-deployed devices or shared physical facilities, local privilege escalation via a patch gap in a disk encryption bypass is not theoretical.


Developer Supply Chain Continues Its Sustained Assault, with a New Wrinkle

Two separate npm supply chain attacks hit developer tooling between July 11 and July 14, both distinct from the Injective Labs compromise that appeared in Monday’s brief. The Jscrambler attack followed the familiar playbook: stolen credentials, malicious package versions published, native binary payloads harvesting cloud provider keys and AI coding-assistant credentials before the packages were pulled. Jscrambler’s obfuscation role in the JavaScript build pipeline gave the malicious versions wide install-time reach; 1,479 downloads occurred before removal, with payload triggers at both install and import time to maximize credential harvesting across multiple pipeline stages.

The AsyncAPI attack is technically more interesting. Attackers gained push access to the AsyncAPI generator’s GitHub next branch and published three packages carrying obfuscated droppers, but the packages carried valid npm OIDC provenance attestations generated through the compromised CI pipeline’s trusted identity. OIDC-based package provenance is the npm ecosystem’s current answer to the supply chain integrity problem: attestations cryptographically link a published package to its build environment and source commit. If an attacker compromises the CI pipeline identity itself rather than the package publishing credentials, the attestation signs a malicious artifact as legitimate. The attack does not break the attestation scheme cryptographically; it breaks the assumption that CI pipeline identity is more trustworthy than package credentials. For organizations that implemented provenance verification as a supply chain control, this is the category of attack that bypasses it.


Escalation from Monday: Patch Tuesday’s Forecast Was Off by More Than 400 CVEs

As noted in Monday’s brief, the July Patch Tuesday was flagged at rank 11 as a coordination challenge: an expected 100-to-140 CVE release coinciding with the Kerberos RC4 Phase 2 enforcement deadline. The scope expanded materially. The 570-vulnerability release more than quadrupled the forecast and introduced two actively exploited zero-days that were not anticipated in pre-release guidance. Organizations that planned Patch Tuesday triage around a roughly 120-CVE workload now need to re-scope, with SharePoint Server and AD FS patches elevated to immediate priority given confirmed in-the-wild exploitation. The Kerberos RC4 coordination concern from Monday stands; the new zero-days add urgency on top of that existing deadline pressure.


What to Watch

Gold Eagle’s operational credibility is the key question running into next week. The initiative is framed as a coordination clearinghouse, not a triage service, but the 570-CVE Patch Tuesday illustrates the problem it is supposed to solve. Whether Carnegie Mellon’s VINCE platform can handle AI-generated vulnerability volume at scale, and whether the federal coordination structure can produce faster remediation timelines than the status quo, will determine if Gold Eagle is a structural fix or a branding exercise. Separately, watch for KEV catalog additions in the SharePoint and AD FS CVE families over the next five to seven days. If exploitation is active enough that Microsoft DART and Mandiant are finding these flaws mid-engagement, the actor or actors using them are not stopping because a patch shipped.


Security Unlocked publishes threat intelligence and strategic analysis twice weekly. This mid-week brief covers developments from 2026-07-13 through 2026-07-16.