A recent observation from venture capitalist Auren Hoffman suggests a significant shift in the zero-day exploit market, noting a dramatic decrease in prices over the past year. Hoffman attributed this to a "supply problem," stating, "> the number of exploits has gone up massively with AI," in a tweet by @auren. This perspective highlights the growing influence of artificial intelligence in the cybersecurity landscape.
Industry experts, however, present a contrasting view on the pricing trend. While acknowledging AI's role in increasing exploit volume, reports from cybersecurity firms like Noorstream and Bright Defense indicate that zero-day exploit prices have in fact surged. Premium zero-click exploits for iOS devices now command between $5-7 million, with Android exploits reaching up to $5 million, and Chrome/Safari exploits valued at $3-3.5 million, reflecting an estimated 44% annual increase. This inflation is primarily driven by enhanced platform security measures and sustained high demand from various actors.
Artificial intelligence is indeed accelerating the discovery and development of vulnerabilities. Google's AI model "Big Sleep" has demonstrated the capability to uncover critical zero-day flaws, such as one in the SQLite database engine. This advancement suggests that automated analysis could soon flood the market with new vulnerabilities, leading to a substantial increase in the overall supply of exploits, as noted by Google's Threat Intelligence Group (GTIG) in their 2025 report.
The market for zero-day exploits remains a high-value economy, primarily serving nation-states, cybercriminals, and commercial surveillance vendors. Google GTIG tracked 90 detected zero-day exploits in 2025, a 15% increase from the previous year, with annual volumes consistently ranging between 60 and 100 over the past four years. This consistent high volume, coupled with AI's accelerating impact, points to a complex interplay between supply, demand, and market valuation.
The implications of AI's growing role are profound, creating an "AI arms race" in cybersecurity. While AI can bolster defensive strategies by improving detection and response, it simultaneously empowers malicious actors to develop exploits more rapidly. This dynamic underscores the critical need for organizations to prioritize robust vulnerability management, rapid patching, and advanced threat intelligence to mitigate the escalating risks posed by an increasingly active zero-day market.
