Oracle announced it is accelerating its vulnerability detection and response to meet the next generation of AI.
Oracle is expanding how security fixes are delivered to customers with a monthlyCritical Security Patch Update (CSPU), starting in May 2026. CSPUs provide targeted fixes for critical security issues, allowing customers to address high-priority vulnerabilities without waiting for the next quarterly release. Each CSPU is smaller and more focused, making it easier to apply critical fixes quickly. Quarterly Critical Patch Updates will continue to include all fixes released in prior CSPUs, the company said.
This approach enables customers to apply critical fixes more quickly on premises, while continuing to support established quarterly patching cycles through cumulative updates. All patches are applied automatically in Oracle-managed cloud environments.
Oracle has long applied AI across its cloud and software environments to support security testing, vulnerability detection, and code analysis. These capabilities run on Oracle Cloud Infrastructure (OCI), leveraging OCI AI services, infrastructure, and development platforms to operate continuously at scale, according to the company.
Oracle has access to leading frontier AI models, includingAnthropic’s Claude Mythos Previewand OpenAI’s most capable models through Trusted Access for Cyber, and Oracle is extending its capabilities with these models to improve how quickly and effectively vulnerabilities are identified.
Combined with its AI-enabled security operations, these capabilities are applied across Oracle-developed software and services, Oracle Health, and the open-source components it builds and uses in its products, the company said. The result is stronger code, earlier identification of risk and mitigations, and better protection for Oracle and our customers.
In Oracle-managed cloud services, vulnerabilities are identified and addressed continuously. Oracle monitors its infrastructure, platform services, and SaaS applications and applies fixes as they become available, reducing operational burden and helping keep systems up to date.
For customer-managed deployments, Oracle identifies vulnerabilities and delivers patches for supported products, but customers remain responsible for planning, testing, and applying those updates, whether those deployments run on-premises or on OCI.
Keeping systems current with patches is one of the most direct ways to reduce risk. Applying updates in a timely manner helps limit exposure and maintain security over time.
Upgrades and ongoing patching can be complex in large, highly integrated environments. Oracle provides resources including My Oracle Support, Technical Account Management, and Customer Success teams to help customers plan, test, and execute upgrades and stay current.
For more information about this news, visit www.oracle.com.