
What The Mythos Event Has Taught Us About Zero-Day Vulnerability

June 11, 2026 by Spectra Networks, Joe Silva

As information regarding Anthropic’s Claude Mythos event has spread, cybersecurity experts and laypeople alike have begun to wonder about the capabilities of such a powerful tool. The AI tool's ability to identify zero-day vulnerabilities that humans have not found in years is astonishing and has many wondering about zero-day vulnerabilities, exploits and attacks. 

Let’s explore the cybersecurity concept of zero-day and what the Mythos event has taught us about how vulnerable our industry is. We will look at key characteristics, how a zero-day exploit works, some examples from recent history and how your organization can defend against it.

What Is a Zero-Day Vulnerability? 

A zero-day vulnerability is a critical software security flaw that is completely unknown to the vendor or the public. This flaw is instantly exploitable by hackers because, as the name suggests, developers have had "zero days" to create a patch. Consequently, systems remain fully exposed to attack until a security update can be developed and applied.

You may also have heard terminology associated with a zero-day vulnerability, such as zero-day exploit or zero-day attack. While a zero-day vulnerability is “an unknown security vulnerability or software flaw,” a zero-day exploit is the malicious code developed and deployed to exploit the vulnerability before a security response is available. A zero-day attack occurs when bad actors exploit that vulnerability to target a vulnerable system.

Key Characteristics of Zero-Day Vulnerability

Zero-day vulnerabilities often have several key characteristics that make them difficult to mitigate and protect against without a vigilant, proactive IT department or managed IT provider. These include:

  • Unknown component
  • No patch available at the time of discovery
  • Difficult to detect due to novelty
  • Rapidly exploitable - often within hours of detection
  • Used to target high-value items

How It Works 

The process of exploiting a zero-day vulnerability is fairly straightforward. First, a malicious actor discovers a vulnerability in software, an operating system or a network. Then, those same bad actors create and deploy code (an "exploit") to leverage this flaw before the vendor releases a patch to fix the issue. Once the user/business finds the issue, they have “zero days” to fix it before it can be exploited.

Examples 

According to the Google Threat Intelligence Group (GTIG), approximately 90 zero-day vulnerabilities were identified as being exploited in the wild in 2025. While this is lower than the 2023 record of 100, it marks a slight increase from 78 in 2024 and indicates a stabilization in the 60-100 range. 

You may remember one particular zero-day attack that occurred during the early days of COVID-19. In April 2020, a zero-day vulnerability was discovered in the video conferencing platform Zoom that enabled attackers to gain remote access to users’ computers under certain conditions. The weakness was soon patched, but not before widespread negative publicity led many businesses and schools to temporarily restrict or prohibit the use of Zoom software. 

Other examples include the 2025 Microsoft SharePoint critical vulnerability allowing access to files and services, the 2025 CitrixBleed 2 vulnerability, recently exploited and affecting secure access services, and the 2021 Log4Shell critical vulnerability in Apache Log4j, which affected major US companies, including Amazon Web Services, Microsoft, and Cisco.

How To Defend Against It

Defense against zero-day events should be both proactive and reactive. Should an attack occur in real time, immediately isolate the affected systems to prevent further spread, conduct forensics to understand the scope of the damage, and then deploy patches or workarounds while awaiting vendor updates.

Proactively, organizations should consider defenses such as network segmentation, regularly updating the system, deploying endpoint detection and response, and employing the principle of least privilege access.

To find out more about how your organization can prepare for zero-day exploits and attacks, contact our team at Spectra Networks. We are happy to help. 

 
