Protecting customers faster: How Adobe is responding to AI-accelerated vulnerability discovery


Finding more, faster

Vulnerability discovery has changed in scale and speed. Frontier AI models and agentic analysis tooling now uncover flaws across large codebases far faster than traditional methods could. Adobe is applying those same capabilities continuously to help accelerate vulnerability discovery across our products at machine scale, and ahead of adversaries. As mentioned in our blog earlier this month, this approach is already surfacing critical-risk vulnerabilities that traditional point-in-time approaches would not have found on the same timeline – and finding them faster.

The frontier AI capabilities we are using are also available to attackers, and the window between public vulnerability disclosure and active exploitation is compressing from days to hours. We are applying AI to find and fix vulnerabilities first, and getting those fixes to customers faster is the natural next step.

Effective July 14, 2026, Adobe is moving from monthly to twice-monthly publication of Adobe Security Bulletins and Advisories on the second and fourth Tuesday of each month. This applies to every bulletin and advisory that includes a formally published CVE requiring customer action.

What this means for customers

For our customers, this means one thing: security fixes reach you sooner, on a predictable schedule you can plan against.

Twice-monthly bulletins will enable us to keep pace with the era of frontier AI. More vulnerabilities found means more fixes to deploy, and a once-a-month publication window is no longer fast enough to stay ahead of our adversaries. This new cadence is the direct result of investing in improved vulnerability discovery. AI accelerates discovery, but resilience still rests on the fundamentals: visibility, layered controls, continuous monitoring, and the discipline to ship fixes quickly once they are found.

Every update requiring customer action will continue to ship with a bulletin sharing the details, including CVEs remediated in that release, to support your team’s need to assess impact and act. Note that some releases may not have individual CVEs assigned to each vulnerability when the release contains widespread fixes. Our disclosure standards, vulnerability management standards, and bulletin format stay the same. For actively exploited vulnerabilities or externally discovered zero-day vulnerabilities, our out-of-band response process remains in effect.

Preparing for the change

If your organization has an established process for acting on Adobe Security Bulletins and Advisories, we recommend adjusting your planning cycle to the new twice-monthly schedule – the second and fourth Tuesday of each month – ahead of the July 14 effective date. To make sure each release reaches you as soon as it publishes, you can subscribe to our security notification service, a free email service that alerts you to every new security bulletin and advisory.

Thank you for your partnership. The work ahead is significant, but it is the right work, and we are ready to take it on alongside our customers to set a higher standard for security and resilience. Ultimately, these investments are intended to earn and keep the trust of our customers, knowing that Adobe will do our part to help protect their most valuable creative work, documents, and data.

Stay informed about Adobe Security updates

The Adobe Security notification service delivers alerts on security bulletins and advisories, helping our customers stay up to date on important security fixes and updates.