Google reveals huge number of zero-days patched in 2025, says worse may be to come as 'AI changes the game'

  • Google tracked 90 zero-day exploits in 2025
  • Enterprise systems increasingly targeted over browsers
  • AI expected to accelerate attack and defense cycles

The Google Threat Intelligence Team (GTIG) tracked, and helped patch, 90 zero-day vulnerabilities being exploited in real-life attacks in 2025, a new report has noted.

While this number is definitely worrying, Google hints it might get even bigger in the years to come, all thanks to AI.

In its report, GTIG said the 2025 volume is lower than the record-setting 2023, when the company fixed exactly 100 zero-days, but higher than the 78 bugs of 2024, leading the experts to suggest a “trend towards stabilization at these levels”.

AI on both sides

While the number of patched zero-day vulnerabilities has been somewhat constant for the past half a decade, GTIG's report does suggest things are rapidly changing. For example, there’s a “structural shift” that started happening in 2024, towards increased enterprise exploitation.

In both raw numbers (43) and proportion (48%), vulnerabilities plaguing enterprise tech broke records, and now account for almost half of all zero-days exploited last year. “We observed a sustained decrease in detected browser-based exploitation, which fell to historical lows, while seeing increased abuse of operating system vulnerabilities,” the researchers added.

Besides OS flaws, criminals continue to target networking and security appliances, mostly for initial access.

Another major structural shift currently taking place is the deployment of AI on both sides of the cybersecurity field. Google expects attackers to utilize AI to automate and scale attacks by “accelerating reconnaissance, vulnerability discovery, and exploit development”. With the attackers moving faster through these phases, defenders will need to adjust or face the consequences.

That adjustment will include tools like agentic solutions which can proactively discover and help patch previously unknown security flaws.

“Defenders should prepare for when, not if, a compromise happens,” Google said, and shared a non-comprehensive set of approaches and guidelines for defending against zero-day exploitation.


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
