Trend Micro Unveils ÆSIR AI-Powered Platform That Discovered 21 Zero-Days in NVIDIA, Tencent, and MLflow
Trend Micro's new ÆSIR platform uses AI automation with human oversight to discover zero-day vulnerabilities in AI infrastructure, uncovering 21 CVEs across NVIDIA, Tencent, and MLflow since mid-2025.
Trend Micro has introduced ÆSIR (AI-Enhanced Security Intelligence & Research), an AI-empowered security research platform designed to proactively identify and remediate zero-day vulnerabilities in foundational AI infrastructure. Since mid-2025, ÆSIR has uncovered 21 critical CVEs across industry-leading platforms including NVIDIA, Tencent, MLflow, and MCP tooling, demonstrating the platform's ability to operate at the scale and speed required to protect the rapidly evolving AI ecosystem.
The platform leverages two core components: MIMIR for real-time threat intelligence and FENRIR for zero-day vulnerability discovery. Together, these enable Trend Micro to scan massive codebases in hours, prioritize the highest-impact vulnerabilities, and ensure robust, continuous protection for customers. Named after figures from Norse mythology, MIMIR continuously monitors the global vulnerability landscape, tracking thousands of CVEs, while FENRIR conducts automated code analysis to surface previously unknown flaws.
ÆSIR closes the gap between the speed of AI development and the pace of security research by combining machine-speed automation with human expert oversight. Every step involves human direction of ÆSIR's AI resources: while AI agents accelerate codebase analysis, human experts direct research, validate ÆSIR findings, and manage disclosure of discovered vulnerabilities. Researchers investigate issues flagged by ÆSIR, assess their real-world impact, and drive responsible vendor coordination.
The platform's launch comes amid an explosion of AI-specific vulnerabilities. Analysis of 2,986 AI CVEs reveals an unmistakable inflection point: from roughly 50 CVEs in 2018 climbing to approximately 275 by 2022, then jumping from around 300 in 2023 to over 450 in 2024, and reaching over 1,000 in 2025—a 70% year-over-year increase. As AI systems move from research labs into production environments, their vulnerabilities move from theoretical concerns to active threats.
Trend Micro's responsible disclosure process ensures that all vulnerabilities are not only reported but also fully remediated, including patch bypass verification, to further strengthen customers' defenses. The company emphasizes that ÆSIR represents a strategic investment in agentic security research, designed to address the scale of vulnerabilities in an increasingly connected world where more than 48,000 CVEs were published in 2025—a 38% increase from 2023.
The platform's ability to discover vulnerabilities across NVIDIA, Tencent, and MLflow highlights the growing attack surface in AI infrastructure. As global AI spending is projected to reach US$1.5 trillion in 2025 and exceed US$2 trillion by 2026, according to the World Economic Forum, the need for automated vulnerability discovery at scale becomes increasingly critical. Enterprise spending on generative AI alone jumped from US$11.5 billion in 2024 to US$37 billion in 2025, increasing by 3.2 times in a single year.
ÆSIR represents a new approach to security research, where AI itself becomes the tool for securing AI infrastructure. By combining automated code analysis with human expertise, Trend Micro aims to stay ahead of the accelerating pace of vulnerability discovery and exploitation, ensuring that the foundational infrastructure of the AI era remains protected.