A new report from the Google Threat Intelligence Team (GTIG) reveals that security researchers tracked and helped patch 90 zero-day vulnerabilities that were actively exploited in real-world attacks during 2025.
Although the figure is concerning, Google suggests the number could rise in the coming years, largely due to the growing influence of artificial intelligence in cybersecurity.
According to the report, the 2025 total is lower than the 100 zero-day vulnerabilities discovered in 2023, but higher than the 78 vulnerabilities recorded in 2024. Based on these numbers, researchers believe the industry may be entering a period of relative stability in the volume of zero-day exploits.
AI shaping both attacks and defenses
Despite the somewhat consistent numbers in recent years, the report highlights significant changes in how cyberattacks are evolving.
One of the biggest shifts began in 2024, when attackers increasingly targeted enterprise technologies. In 2025, vulnerabilities affecting enterprise systems reached 43 cases, representing 48% of all exploited zero-days, the highest proportion ever recorded.
Researchers also observed a decline in browser-based exploits, which dropped to historically low levels. At the same time, attacks targeting operating system vulnerabilities increased noticeably.
Beyond operating systems, cybercriminals are still focusing on networking equipment and security appliances, often using them as entry points to gain initial access to corporate environments.
Another major transformation in the cybersecurity landscape is the growing use of AI by both attackers and defenders.
Google warns that threat actors could increasingly rely on AI to automate and scale cyberattacks, speeding up tasks such as reconnaissance, vulnerability discovery, and exploit development. As attackers move faster through these stages, security teams will need to adapt quickly to keep up.
To counter these threats, defenders are expected to rely more on AI-powered security tools, including agentic systems capable of identifying and helping patch previously unknown vulnerabilities.
Ultimately, Google stresses that organizations must assume breaches will eventually occur.
“Defenders should prepare for when, not if, a compromise happens,” the report states, urging companies to strengthen detection, response, and vulnerability management strategies to better defend against zero-day attacks.
