Oracle is shifting from quarterly to monthly security patch releases, introducing Critical Security Patch Updates (CSPUs) starting May 28, 2026. The change is driven by the accelerating pace of AI-enabled vulnerability discovery. Oracle will release patches on the third Tuesday of each month, a week after Microsoft, SAP, and Adobe. The company is leveraging OpenAI and Anthropic's Claude Mythos Preview to identify and fix vulnerabilities faster. Quarterly cumulative Critical Patch Updates will continue alongside the new monthly cadence. On-premises and third-party hosted customers will need to apply patches manually, while Oracle-managed cloud customers receive automatic updates.
Sort: