Breaking: AI Models Now Exploit Vulnerabilities Faster Than Human Experts
Security researchers have confirmed that general-purpose AI models can now discover and exploit software vulnerabilities at unprecedented speed, even without specialized training. This breakthrough, documented in a recent analysis by cloud security firm Wiz, signals a dramatic shift in the cyber threat landscape that demands immediate defensive action.
“The era where only advanced adversaries could develop zero-day exploits is ending,” said a Wiz security expert. “AI is democratizing this capability, compressing attack timelines from months to days.”
The finding underscores a critical window of risk: while AI will eventually make code harder to exploit, threat actors are already wielding it to find and weaponize novel flaws faster than ever.
Background: The New Economics of Exploitation
Historically, zero-day discovery and exploit development required rare human expertise, extensive resources, and months of effort. Now, highly capable AI models are demonstrating the ability to identify vulnerabilities and generate functional exploits, drastically lowering the barrier to entry.
According to Google’s Threat Intelligence Group (GTIG), threat actors are already leveraging large language models (LLMs) for this purpose, and underground forums are marketing AI-driven exploit tools. This economic shift is fueling mass exploitation campaigns, ransomware surges, and an increase in activity from previously cautious advanced actors.
The trend mirrors recent observations in GTIG’s 2025 Zero-Days in Review report, which noted that PRC-nexus espionage groups have become adept at rapidly sharing and deploying exploits across separate threat groups—closing the historical gap between discovery and widespread use.
What This Means for Enterprises
Defenders face two urgent tasks: hardening existing software as quickly as possible, and preparing to defend systems that remain unhardened. “Now is the time to strengthen playbooks, reduce exposure, and embed AI into security programs,” the Wiz report emphasizes.
Enterprises must modernize their defensive strategies to counter AI-accelerated attacks. This includes adopting AI-powered detection tools, reducing attack surface through rapid patching, and assuming that even air-gapped systems may face novel exploits.
The window for proactive defense is narrowing. Organizations that fail to adapt risk falling victim to automated exploit campaigns that can strike without warning.
Key Actions for Security Teams
- Accelerate vulnerability remediation: Prioritize patching based on exploitability predictions from AI models.
- Integrate AI into security operations: Use AI to augment threat hunting and incident response.
- Assume breach readiness: Test defenses against AI-generated exploit scenarios.
- Monitor underground forums for AI exploit tooling.
For a deeper dive into the evolving attack lifecycle and a roadmap for modernizing defenses, review the background section and register for the upcoming Wiz webinar.