AI Zero Days Are Here: What CISOs Need to Know
For the first time, an AI-powered vulnerability discovery system has identified a zero day in a commonly used piece of software, according to Google’s security team. Google’s AI breakthrough underscores an inevitable shift to AI-powered risks—and solutions. Google researchers used an AI model, Big Sleep, to identify a memory safety vulnerability—a stack buffer underflow—in the SQLite database engine. SQLite is one of the most widely deployed database engines, embedded in millions of devices and applications. It is open source and occupies an important part of the software supply chain for data pipelines and databases. Big Sleep identified a critical stack buffer underflow vulnerability within its code, a flaw missed by conventional methods.
For CISOs, the implications are important. AI can and will be used to detect zero days, both by good and bad actors. Security will accelerate, and AI will be required to keep up. At the same time, security ensuring that core security controls are in place and tuned will become even more important. This moment highlights the need to tackle AI-driven threats from two angles. First, by deploying AI-powered defenses to counter the rapid evolution of security risks. Second, by ensuring existing security frameworks are fortified and capable of integrating with these new capabilities.
The coming surge in AI-powered zero days
Large language models (LLMs) that handle coding and code analysis are rapidly improving. They are also freely available and often in the open source domain. Attackers have noted this and are actively seeking to leverage AI to hunt for vulnerabilities in systems. CISOs should expect a surge in zero-day vulnerabilities discovered by AI stems from several key factors:
Advanced AI capabilities: Modern AI models, particularly LLMs, have demonstrated proficiency in analyzing complex codebases to identify previously unknown vulnerabilities. Google leveraging AI in Project Big Sleep to uncover a widespread zero-day vulnerability is a good example of AI's potential in proactive security measures.
Automation and efficiency: AI-driven tools can automate the vulnerability discovery process, significantly accelerating the identification of security flaws. This efficiency enables the detection of vulnerabilities at a pace unattainable through manual methods alone. GreyNoise Intelligence's use of AI to discover zero-day vulnerabilities in live-streaming cameras exemplifies this capability.
Greater semantic understanding: AI models can analyze code with a deeper understanding of context, intent, and functionality, uncovering vulnerabilities that traditional methods might overlook. This semantic insight allows AI to identify not just obvious coding errors but also nuanced logic flaws, configuration issues, and security gaps that could be exploited. For instance, OpenAI Codex has demonstrated the ability to find subtle security weaknesses by interpreting the intended behavior of a program against its actual implementation.
The convergence of these advancements means that CISOs and security teams must prepare for a wave of AI-discovered zero-day vulnerabilities. To stay ahead, organizations should prioritize adopting AI-driven defensive tools, increase collaboration between development and security teams to address vulnerabilities earlier, and continually educate staff on emerging AI threats. Proactive strategies will be crucial in mitigating the risks posed by this new era of AI-enabled cyberattacks. That will mean deploying AI to fight AI threats, and also doubling down on zero trust and other proactive strategies to reduce the attack surface.
Even greater defense in depth is becoming imperative
For CISOs, the new AI threat landscape further emphasizes the importance of covering as much of the attack surface as possible. This means covering a wider array of code and configuration data and protocols. It also means distributing security mechanisms to more detection points in the application delivery lifecycle and providing tooling and automation to eliminate more manual tasks.
For example, F5 NGINX App Protect would likely block many AI-identified zero days by preventing classes of behavior that are anomalous and across a wide array of protocols (HTTP/S, HTTP/2, gRPC, MQTT, and WebSocket). NGINX App Protect can be deployed anywhere, including alongside any NGINX product and in the CI/CD pipeline. For another aspect of defense in depth, the NGINX One SaaS console functions as an automated configuration recommendation engine, enabling teams to quickly apply configuration changes to block zero days to their entire NGINX fleet (including NGINX Plus, NGINX Open Source, Kubernetes products, and Azure-as-a-Service options).
Expanding the boundaries of defense in depth for an AI-driven era
AI zero days aren’t just a shift in the threat landscape—they’re a glimpse into the future of cybersecurity. The discovery of vulnerabilities by AI isn’t a one-off event; it’s a signal that the tools we use to protect ourselves must evolve at the same pace as those used to attack us. AI-driven vulnerabilities mark a turning point for cybersecurity, demanding a broader and deeper defense strategy.
As attackers leverage AI to uncover and exploit weaknesses, CISOs must focus on defense in depth—covering more ground across the attack surface. This means expanding protection to encompass more protocols, codebases, and configuration data while deploying security mechanisms at every stage of the application lifecycle. The rise of AI threats doesn’t just require smarter tools; it requires comprehensive coverage and automation to minimize human error. In this new era, survival depends on fortifying every layer and leaving no vulnerability unprotected.
To learn more, visit the F5 NGINX App Protect webpage.