Latest version of the industry’s leading exploitation prediction model represents a 23% improvement
CHICAGO, IL, UNITED STATES, May 13, 2026 /EINPresswire.com/ — Empirical Security today announced the release of EPSS V5, the latest version of the Exploit Prediction Scoring System, a data-driven, machine-learning model that publishes freely available scores on a daily basis, used by security teams worldwide to prioritize vulnerability remediation based on the likelihood of real-world exploitation.
EPSS is a purpose-built predictive model that was recently recommended by Anthropic’s security teams as a response to Mythos and the coming onslaught of vulnerabilities. In part, the new model was trained with the Mythos crisis in mind. As a result, EPSS V5 delivers meaningful improvements to model accuracy and calibration, building on the foundation established in prior versions and continuing the effort to give defenders the most precise, actionable exploitation predictions available. The new version scores all 318,000+ published CVEs and reflects ongoing investment in both the underlying machine learning infrastructure and the data inputs that drive the model.
The release comes at a time when vulnerability remediation remains one of the most resource-constrained problems in security operations. The fundamental challenge EPSS was built to solve has not changed: severity-based prioritization strategies, such as remediating all CVEs with a CVSS score of 7.0 or above, can require organizations to act on more than 50% of all published vulnerabilities, while only a small fraction of that effort targets vulnerabilities that show observed exploitation activity. EPSS allows organizations to achieve comparable or greater coverage of exploited vulnerabilities at a fraction of the remediation effort, by predicting exploitation likelihood rather than measuring severity.
EPSS V5 introduces several improvements over its predecessor:
– Enhanced model optimization. V5 incorporates improved modeling techniques and optimization algorithms that produce the most accurate exploitation predictions.
– Improved probability calibration. The calibration step has been refined, meaning the probabilities EPSS produces more precisely reflect the true likelihood of observed exploitation.
– Stronger exploit code intelligence. The upstream exploit-code classifier for detecting and categorizing published exploit code has been improved, with better identification of published repositories and artifacts that signal elevated exploitation risk.
– Incremental feature sets and data improvements. Minor enhancements across the feature set and the addition of new data feeds further strengthen the model’s predictive signal.
The new model is a 23% improvement over the prior version. Only about 1 in 40 published vulnerabilities is ever exploited in the wild, and it is EPSS’s job to identify which ones. Empirical measures the model’s success using a scoring method that rewards the model for ranking genuinely exploited vulnerabilities above ones that pose no real threat: a random guess would score around 0.025, and a perfect model would score 1.0. On May 4th, 2026, the current model (v4) scored 0.514. The new model (v5) scored 0.633 on the same data, representing a 23% improvement in the model’s ability to correctly surface the vulnerabilities that matter.
“Every version of EPSS reflects a commitment to building the provably most accurate model we can,” said Jay Jacobs, co-founder of Empirical Security and co-creator of EPSS. “V5 is a more accurate, better-calibrated model, and that matters. When organizations use EPSS scores to drive real remediation decisions, the quality of those predictions has direct consequences for how effectively they reduce risk.”
EPSS is among the most widely deployed vulnerability prioritization tools in the security industry, integrated into security products and used by organizations across sectors to inform remediation workflows, exposure management programs, and risk reporting. Empirical Security, co-founded by EPSS co-creator Jay Jacobs, provides the training, infrastructure, and expertise behind the model, as well as enterprise support for organizations that require higher-frequency updates, version stability, and operational support for production deployments. Organizations and practitioners interested in engaging with the EPSS community can participate through the EPSS Special Interest Group (SIG) at FIRST.
EPSS scores are freely available here: https://www.empiricalsecurity.com/epss
About Empirical Security
Empirical Security helps organizations apply predictive exploit intelligence to vulnerability management and exposure management programs. Combining custom data models, AI, modern machine learning techniques, and deep EPSS expertise, Empirical Security enables security teams to focus remediation effort where it is most likely to reduce real-world risk and gives them 10x more efficiency and capacity. For more information, visit Empirical Security.
Greg Howard
Empirical Security
+1 510-289-8533
