Zero-Day Vulnerability
A previously unknown security flaw in AI software or infrastructure that can be exploited before a patch or mitigation is available.
Definition
A critical risk where attackers exploit undisclosed or unpatched vulnerabilities in AI frameworks, model-serving endpoints, or underlying infrastructure. Governance requires proactive threat intelligence (dark-web monitoring), rapid incident-response plans, defense-in-depth controls (network segmentation, runtime anomaly detection), and emergency patch-deployment procedures to minimize exposure during the “zero-day” window.
Real-World Example
A production ML serving cluster is found vulnerable to a newly disclosed container-escape bug. The ops team’s zero-day response plan kicks in: they isolate the cluster, apply temporary network-level filters to block exploit patterns, and deploy the vendor’s patch within hours—preventing any observed exploitation.
.svg)
