Commercial AI Models Now Capable of Autonomous Zero-Day Discovery, Forescout Research Shows
Forescout's Vedere Labs tested 50 AI models and found that in 2026 all can complete vulnerability research tasks, with half able to autonomously generate working exploits, including four zero-days discovered in OpenNDS.
Forescout's Vedere Labs has released new research demonstrating that commercial AI models have made rapid gains in vulnerability research and exploit development. In 2026, all 50 tested models—spanning commercial, open-source, and underground offerings—can complete vulnerability research tasks, and half can autonomously generate working exploits. The most capable models, Claude Opus 4.6 and Kimi K2.5, can find and exploit vulnerabilities with simple prompts, lowering the barrier for inexperienced attackers.
Using the RAPTOR agentic framework, the researchers discovered four zero-day vulnerabilities in OpenNDS, a widely deployed component. RAPTOR is an open-source, agentic AI framework designed for cybersecurity research, offense, and defense. Notably, one of the vulnerabilities was found in code that Vedere Labs had already manually analyzed and had not identified, underscoring AI's ability to surpass human capability in certain tasks.
“These are widely available AI models exceeding human capability,” said Rik Ferguson, VP Security Intelligence at Forescout. However, he noted that this may not be at the scale, speed, and quality of non-public frontier models like Anthropic's Claude Mythos, which have been shown to identify thousands of zero-days across major operating systems.
The commercial models performed best in Forescout's testing, but they remain expensive. Claude Opus 4.6 costs up to $25 per million output tokens. Meanwhile, open-source alternatives such as DeepSeek 3.2 can handle basic tasks at a fraction of the cost, with all test tasks costing less than $0.70. Using different models based on task complexity and cost is emerging as a practical strategy for both defenders and attackers.
Forescout noted that if its research can uncover new vulnerabilities with open models, and large initiatives such as Project Glasswing can surface thousands of zero-days in critical software, organizations should assume their environments contain unknown vulnerabilities that AI will find, whether used by defenders or attackers. The findings highlight a rapidly evolving threat landscape where AI-driven vulnerability discovery is becoming democratized.