Zero-Day
A software vulnerability that is unknown to the vendor and has no available patch. AI-driven discovery of such flaws dramatically accelerates exploitation timelines and increases the threat to unprotected systems.
Definition
A zero-day vulnerability is a software security flaw that is unknown to the software vendor and for which no patch or fix is available at the time of discovery or exploitation. The term “zero-day” reflects the fact that the vendor has had zero days to address the vulnerability before it can be exploited. Zero-day vulnerabilities are among the most valuable and dangerous assets in cybersecurity, as they provide attackers with a window of opportunity during which targets have no specific defense. AI transforms the zero-day landscape by accelerating both the discovery of previously unknown vulnerabilities and the development of exploits, compressing timelines that previously required months of skilled human analysis into potentially hours or days.
How It Relates to AI Threats
Zero-day vulnerabilities are a critical concern within the Security and Cyber Threats domain, particularly the automated-vulnerability-discovery sub-category. AI’s capacity to rapidly analyse vast codebases, identify vulnerability patterns, and generate working exploits fundamentally alters the economics of zero-day discovery. Previously, finding and weaponising zero-day vulnerabilities required rare expertise and significant time investment, naturally limiting their availability. AI lowers these barriers, potentially increasing the volume of zero-day vulnerabilities in circulation and reducing the time between discovery and exploitation. This shifts the balance further toward attackers, as defenders cannot patch vulnerabilities they do not yet know about.
Why It Occurs
- Modern software systems contain millions of lines of code with inevitable security flaws that resist complete human review
- AI-powered code analysis can systematically search for vulnerability patterns at a speed humans cannot match
- The strategic and financial value of zero-day exploits creates strong incentives for their discovery
- Patch deployment cycles remain slow relative to the speed at which AI can discover and weaponise vulnerabilities
- The growing attack surface of connected devices and cloud services increases the number of potential zero-day targets
Real-World Context
Zero-day vulnerabilities have been central to major cyber operations, including state-sponsored campaigns targeting critical infrastructure and surveillance operations against journalists and dissidents. Incident INC-25-0001, the AI-orchestrated cyber espionage campaign, highlighted how AI capabilities are being integrated into sophisticated cyber operations that may leverage zero-day exploits. The market for zero-day vulnerabilities includes both legitimate security research and grey-market brokers. Governments and international bodies have debated disclosure norms and stockpiling policies, with AI’s acceleration of vulnerability discovery adding urgency to these discussions about responsible handling of zero-day information.
Last updated: 2026-02-14