Fortifying Your Enterprise Against AI-Powered Vulnerability Discovery

As artificial intelligence models become increasingly adept at finding and exploiting software vulnerabilities, defenders face a new reality: the attack timeline is compressing dramatically. While AI promises to harden code in the long run, the transition period creates a critical window where threat actors can leverage these same capabilities to launch unprecedented attacks. To help security teams navigate this evolving landscape, we've compiled answers to the most pressing questions about defending enterprises when AI can discover vulnerabilities faster than ever.

How are AI models changing vulnerability discovery and exploitation?

General-purpose AI models are now demonstrating the ability to not only identify novel vulnerabilities but also generate functional exploits automatically. This capability was previously reserved for highly skilled human experts who required significant time and resources. Today, threat actors of all skill levels can leverage these AI tools, dramatically lowering the barrier to entry. The underground forum ecosystem already markets AI services designed for exploit generation, and advanced groups like GTIG have been observed using large language models (LLMs) for exactly this purpose. This shift means that zero-day vulnerabilities, once rare and carefully guarded, may soon be discovered and weaponized at scale.

What are the two critical tasks for defenders right now?

Defenders must prioritize two parallel efforts: hardening existing software as rapidly as possible using AI-assisted security tools, and preparing to defend systems that remain unhardened during the transition. The first task involves integrating AI into vulnerability scanning, code review, and patch management to reduce the attack surface. The second requires updating incident response playbooks, improving detection capabilities, and assuming that exploits will come faster than before. As highlighted in Wiz's Claude Mythos blog, now is the time to strengthen playbooks, reduce exposure, and embrace AI within security programs. Delaying either task leaves enterprises vulnerable during this critical risk window.

How is the adversary lifecycle being compressed by AI?

Historically, discovering vulnerabilities and developing zero-day exploits took months of specialized effort. AI models compress this timeline by automating discovery and even suggesting exploit code. Threat actors can now move from vulnerability identification to weaponization in days or hours. This acceleration enables mass exploitation campaigns that were previously infeasible, as well as a surge in ransomware and extortion operations from actors who once guarded their zero-days for high-value targets. The entire attack lifecycle—reconnaissance, weaponization, delivery, exploitation, and exfiltration—becomes shorter, giving defenders less time to react. Security teams must assume that any vulnerability will be exploited rapidly and adjust their detection and response strategies accordingly.

What economic shifts in zero-day exploitation are expected?

The economics of zero-day exploitation are undergoing a fundamental change. Because AI reduces the cost and expertise required to discover and weaponize vulnerabilities, the supply of zero-day exploits will increase dramatically. This means that even commodity-level threat actors can participate in zero-day campaigns, rather than only advanced persistent threats or nation-states. Consequently, we can expect a higher frequency of attacks, with more actors using these capabilities in mass campaigns rather than sparingly. The result is a more dangerous threat landscape where existing defensive models—based on rarity and time-to-exploit—no longer hold. Enterprises must shift from a reactive posture to a proactive one, emphasizing continuous monitoring and rapid patching.

How have advanced adversaries already adapted to this trend?

In our 2025 Zero-Days in Review report, we observed that PRC-nexus espionage operators have become exceptionally adept at quickly developing and distributing exploits among separate threat groups. This effectively collapses the historical gap between a vulnerability's publication and its first use in the wild. By sharing exploitation tools across multiple clusters, these adversaries multiply the impact of a single zero-day. This trend underscores that the AI acceleration is not a future hypothetical—it's already being operationalized by sophisticated actors. Defenders must therefore assume that any new vulnerability release could be exploited within days, not months, and automate their patch deployment and detection rules to keep pace.

How can enterprises prepare and incorporate AI into security programs?

To defend against AI-accelerated threats, enterprises should adopt AI-driven defensive tools that parallel attacker capabilities. This includes using machine learning for anomaly detection, automated vulnerability scanning, and predictive threat intelligence. Additionally, security teams should update incident response playbooks to account for compressed timelines—for example, by automating containment procedures and using AI to analyze alerts faster. Proactive measures like continuous red teaming with AI models can help identify weaknesses before attackers do. Training staff to recognize AI-generated attacks (such as sophisticated phishing or malware) and fostering collaboration between security and development teams are also critical. The goal is to shift from a human-in-the-loop model to a human-on-the-loop model where AI handles rapid responses while humans oversee strategy.