AI Agents Are Turning Zero Days Into a Race Humans Can’t Win Alone – Unite.AI
For years, zero day vulnerabilities have been dangerous, but they used to be scarce and difficult to exploit at scale. Finding one required patience, specialized skill and a deep understanding of software behavior. As Nicole Perlroth and other journalists reported, there was a trade in zero days, and nation states treated them as extremely valuable cyber weapons.
Today zero days are widely available. Almost anyone can discover new ones on their own, with the help of open source AI models, or proprietary AIs such as Claude and OpenAI.
The same advances that make AI useful for writing code, summarizing logs and accelerating security operations can also be used to search for flaws, chain vulnerabilities and test exploit paths at machine speed. Attackers no longer need to manually inspect every dependency, reverse-engineer every application or spend weeks probing for a weakness. AI agents can automate much of that work, exploring codebases, scanning exposed systems, generating hypotheses and iterating until they find something useful.
That changes the economics of zero day exploitation. A human attacker may only have time to pursue the most promising targets. An AI-assisted attacker can afford to examine far more software, far more quickly, with far less fatigue. Even if most attempts fail, the sheer volume of attempts makes success more likely. In cybersecurity, scale often turns rare events into routine ones.
AI Is Expanding the Zero Day Search Surface
This is why zero days are becoming a more urgent enterprise risk. Modern software is too large, too interconnected and too dependent on third-party components for any organization to fully understand every weakness before an attacker does. Most companies rely on a sprawling mix of commercial platforms, open-source libraries, cloud services, SaaS applications, APIs, identity systems, edge devices and internal tools. Each layer introduces potential vulnerabilities. Each integration creates new attack paths. Each update can quietly change the risk profile.
The uncomfortable reality is that there is a massive amount of undiscovered vulnerability sitting inside software of all kinds. Some of it exists in old code. Some of it exists in new code written under pressure. Some of it comes from dependencies that few organizations track with enough precision. Some of it emerges from the way systems interact, even when each individual component appears secure. AI agents are well suited to explore that complexity because they can search broadly, persistently and adaptively.
Defenders face an impossible patching problem. You cannot patch a vulnerability you do not know exists. You cannot prioritize every theoretical weakness equally. You cannot fully test every combination of software, configuration and user behavior before deployment. Even mature vulnerability management programs are often built around known CVEs, vendor advisories and threat intelligence feeds. Those are essential, but they arrive after discovery. In a world of AI-accelerated zero day hunting, discovery may happen first in the hands of an attacker.
This creates a growing game of whack a mole. A vulnerability is found. A patch is rushed. Exploitation shifts to a neighboring system, a different dependency or a newly exposed interface. Security teams respond, but the backlog keeps expanding. AI increases the speed of the mallet on both sides, yet attackers often benefit first because they only need to find one viable path. Defenders have to protect all of them.
The long-term answer may come from AI itself. As AI systems become better at generating, reviewing and testing code, they should help eliminate entire classes of vulnerabilities before software reaches production. Secure-by-design development could become far more practical when AI can continuously inspect code, identify unsafe patterns, model exploitability and recommend fixes in real time. Eventually, we may reach a point where common memory errors, injection flaws, authentication mistakes and insecure configurations are dramatically reduced because AI-assisted engineering catches them early. In our work in DeepTempo, we already see a greater use of memory safe languages such as Rust in our software; while Rust is harder in some regards to code, it is safer and coding it has become much easier thanks to AI.
Defenders Need to Shift From Patch Speed to Attack Resilience
While a future in which all software has been patched or rewritten in a more safe manner is worth pursuing, it is unclear how theoretically possible it really is for a variety of reasons. In any case, we know it has not arrived yet and will not arrive for many years. Today’s AI-generated code can still introduce vulnerabilities. And AI security tools can still miss context. Today’s enterprise environments still contain decades of accumulated technical debt. Attackers are already using automation to move faster, while defenders are still integrating AI into existing workflows, approval chains and risk models and finding that LLMs are not useful when detecting attacks.More information about how LLMs fair in detections can be found in recent open source benchmarks such as SOC Bench. Just as an example, the engineers behind SOC Bench found that the best LLMs have a false positive rate in the 20% range and would cost hundreds of millions of dollars a day at the scale of a typical large security environment. As a result of all of the above factors, the rise of AI currently vastly favors attackers.
Unfortunately, organizations need to assume that some unknown vulnerabilities will be discovered by adversaries before they are disclosed publicly. What is more, thanks to improved phishing and the prevalence of widespread capturing of identities, increasingly attackers can simply log in.In short, at least for the medium term, more than ever security strategy cannot depend entirely on prevention. Prevention remains critical, but it must be paired with faster detection, stronger behavioral analytics and tighter containment.
As a variety of organizations have suggested recently, including NIST, the Five Eyes, and the National Academy of Sciences, given the rise of AI enabled attackers, security teams should revisit approaches to understand what normal looks like across users, machines, identities, applications and data flows. Zero day exploits often succeed because they bypass known signatures, but they still leave footprints which today’s most powerful classification models can see and discern.. For example, attacks may show unusual access patterns, abnormal privilege use, unexpected process activity, strange authentication flows or data movement that, in combination, do not match the environment’s baseline. Purpose built AI can help defenders find those signals sooner, especially when the attack itself is novel.
In addition, companies should reduce the blast radius of compromise. Segmentation, least privilege, strong identity controls, continuous monitoring and rapid isolation matter more when unknown vulnerabilities are being exploited. If an attacker uses a zero day to gain entry, the next question is how far they can move before being detected. The smaller that window, the less valuable the exploit becomes.
There is no clean pause button for this moment. AI agents will keep improving. Offensive experimentation will keep accelerating. The number of systems worth probing will keep growing. The security community’s task is to make sure defensive AI matures just as quickly.
Zero days have always rewarded speed, creativity and asymmetry. AI agents amplify all three. The organizations that adapt will treat AI as more than a productivity layer for security teams. They will also use purpose-built AI to efficiently and accurately detect unknown threats, prioritize apparently weak signals that, in combination with thousands of others suggest a compromise, and respond before an exploited vulnerability becomes a business-wide crisis.