Email & Collaboration Threat Protection

    Predictions 2025: The Time from Discovery to Exploitation Will Continue to Decrease

    As 2025 unfolds, we are going to see zero-day threats continue to increase and the time from discovery to exploitation continue to decrease

    by Kiri Addison

    Key Points

    • Zero-day threats remain a very dangerous element that is alive and well in the cybercriminal toolbox, and will continue to increase.
    • As cybercriminals become more experienced and AI and exploit tools become more and more readily available, the time it takes them to exploit a vulnerability will continue to decrease.
    • Organizations need to fight AI with AI, using development tools that help them fix vulnerabilities in software before the bad guys discover them.

    What are Zero-Day Threats?

    Zero-day threats are security vulnerabilities in software that are unknown to the software maker or the public. The term “zero day” refers to the software maker having zero days to create a patch to fix the vulnerability.

    These are brand-new threats: flaws that are either already present in the software or its subsequent patches and updates, or that bad actors are exploiting for the very first time. Because these threats are not in lists of known vulnerabilities, they do not have recommended patches or detection rules in place. Even if an organization has updated its antivirus software just minutes before, these zero-day threats are unlikely to be stopped by traditional tools that rely on signatures.

    Why Are Zero-Day Threats So Dangerous?

    Zero-day threats are considered to be extremely dangerous because they indicate that bad actors have figured out a way to compromise a system and that system will be open to that specific vulnerability until the software maker develops and deploys a patch, potentially leaving a significant amount of time during which damage can be done.

    Are Zero-Day Threats Increasing?

    Without a doubt, zero-day threats are increasing, and it is software supply chains that are most at risk. In fact, Mandiant investigations post-breach have found that the leading cause of breaches is exploitation of software and misconfigurations, and that a high proportion of these are zero-day attacks. 95% of UK businesses have been hit by supply chain cyber breaches and over one-third don't regularly assess their third-party vendors. Patch fixing or spot reconfiguration are rendered redundant in such instances.

    This means that not only do organizations need to be concerned about increasing zero-day threats within their own environment, but they need to be concerned about cybercriminals exploiting their supply chains, creating vulnerabilities at suppliers and contractors that are being specifically targeted. It may be more difficult for a bad actor to infiltrate a large multi-national conglomerate, but we are seeing that they are sometimes able to backdoor their way in through a company or individual in that organization’s supply chain.

    What Is Discovery to Exploitation? 

    In cybersecurity, discovery to exploitation is the process where a vulnerability is first identified – the discovery – and then actively used to gain access or cause damage by creating and deploying malware – the exploit – to take advantage of that vulnerability. 

    What cybersecurity experts are also coming to realize is that the time from discovery to exploit is decreasing because attackers are rapidly continuing to improve their ability to identify vulnerabilities and exploit them, often within days of software being released. This is occurring because exploit frameworks are so easily available, and cybercriminals are using AI tools more and more often.

    What Can Organizations Do to Fight This?

    In 2025, organizations are going to quickly realize that as the time from discovery of a threat to it being widely exploited by cybercriminals continues to decrease, predictive analytics will be particularly important in securing their threat surface.

    Artificial intelligence excels at real-time monitoring and predictive analytics. As cyber threats evolve, the importance of continuous, real-time monitoring has never been greater. AI algorithms can sift through vast amounts of data at lightning speed, offering real-time insights into network security.

    Predictive analytics, powered by AI, allows organizations to foresee potential vulnerabilities and address them before they are exploited. This capability extends beyond simple monitoring to more complex scenarios, such as predicting when and where a distributed denial-of-service (DDoS) attack might occur based on historical data trends.

    Organizations can stay one step ahead of attackers by leveraging AI for real-time analysis and prediction.

    The Bottom Line

    Zero-day threats will remain a very dangerous reality throughout the year to come and well into the future. They are only going to increase as cybercriminals become more experienced and AI and exploit tools become more and more readily available. In parallel, the time it takes them to exploit a vulnerability will continue to decrease.

    Organizations need to fight AI with AI, using development tools that help them fix vulnerabilities in software before the bad guys discover them. AI technologies can enhance testing and debugging by automatically detecting bugs, inefficiencies, and vulnerabilities, and by suggesting fixes or optimizations. AI-driven testing systems generate adaptive test cases and prioritize the most critical tests, improving software quality and security.

    Other Predictions 2025 Blogs:

    Balancing Time-to-Market Is Imperative

    Human Risk Management Will Be This Year's Hot Topic

    Meaningful AI Will Be Embedded in Technology

    Strategic Partnerships Benefit Customers

    Maintaining Compliance in an Evolving Threat Landscape
