Oracle is shifting from quarterly to monthly security patch releases, introducing Critical Security Patch Updates (CSPUs) starting May 28, 2026. The change is driven by the accelerating pace of AI-enabled vulnerability discovery. Unlike Microsoft, SAP, and Adobe which patch on the second Tuesday of each month, Oracle will patch on the third Tuesday — a week later. Oracle is leveraging OpenAI and Anthropic's Claude Mythos Preview to identify and fix vulnerabilities faster. Quarterly cumulative patches will continue alongside the new monthly cadence. On-premises and third-party hosted customers will need to apply patches manually, while Oracle-managed cloud customers receive automatic updates.
Sort: