The Overlooked AI Arms Race

Key Takeaways

  • The most consequential AI arms race is not about foundation models or chatbots, but about who can discover and exploit software vulnerabilities first.
  • The United States currently leads in AI‑driven vulnerability discovery capability, having uncovered dozens of zero‑day flaws in critical open‑source code.
  • However, the U.S. lacks any coordinated defensive strategy: there is no mandate for pre‑deployment security testing, CISA is understaffed and underfunded, and fewer than 1 % of discovered bugs are fully patched.
  • China is actively pursuing the same AI‑enabled vulnerability discovery, backed by a national cybersecurity law, a projected $8.7 billion AI‑security market by 2030, and observed use of AI by state‑linked groups.
  • To close the gap, the United States must overhaul its compliance framework—modeled after the FDA’s medical‑device approval process—requiring demonstrated safety before software is deployed in critical infrastructure, and must rebuild and adequately fund CISA to enforce those standards.

The Real AI Arms Race: Vulnerability Discovery
While public debate focuses on which nation builds the best large language model or controls semiconductor exports, a quieter but far more dangerous competition is already underway: the race to find, weaponize, and patch software zero‑days. Google’s Threat Intelligence Group confirmed on May 11 that attackers used an AI model to discover and exploit a zero‑day that bypassed two‑factor authentication, linking the effort to Chinese and North Korean groups. This incident illustrates that AI‑driven vulnerability hunting is not a future threat—it is happening now.

U.S. Leadership in AI‑Powered Discovery
The United States possesses the most advanced AI vulnerability‑discovery tools on the planet. Anthropic’s Mythos system, for example, has uncovered thousands of zero‑day flaws in critical infrastructure, including a 17‑year‑old FreeBSD code‑execution bug, a 16‑year‑old memory‑corruption flaw in FFmpeg, and a nine‑year‑old Linux kernel vulnerability that grants full system control—discovered in under an hour. Researchers at Xint reproduced these findings and added twelve additional zero‑days in the same codebases, demonstrating both the depth and reproducibility of U.S. AI capabilities.

The Defensive Gap: No Strategy, No Funding
Despite this offensive prowess, the United States has essentially no defensive strategy for the vulnerabilities it uncovers. There is no federal requirement for pre‑deployment security testing of software that runs critical infrastructure. The Cybersecurity and Infrastructure Security Agency (CISA), statutorily tasked with defending those systems, has lost roughly one‑third of its workforce and faces a proposed $500 million budget cut, leaving it unable to meet its mission. Existing compliance regimes such as SOC 2 and FedRAMP merely check for the presence of security controls; they do not verify whether the underlying code can actually be exploited. Consequently, fewer than 1 % of the Mythos‑discovered vulnerabilities have been fully patched, leaving known flaws live in production systems.

China’s Parallel Investment in the Vulnerability Race
China is not sitting idle. Its amended cybersecurity law, effective Jan. 1, includes AI governance provisions, extraterritorial enforcement authority, and fines up to $1.4 million per violation—signaling a top‑down commitment to AI‑enabled cyber operations. IDC projects China’s AI cybersecurity market will balloon to $8.7 billion by 2030, a 37‑fold increase from 2025, reflecting a national strategy to build both offensive and defensive AI cyber capabilities in tandem. State‑linked groups have already been observed using AI to automate exploit checks and probe targets, confirming that the vulnerability race is a concrete component of China’s broader AI ambitions.

The Asymmetry Between Capability and Policy
The United States faces a stark asymmetry: it leads in AI‑driven vulnerability discovery but lags in the policy, funding, and operational infrastructure needed to turn those discoveries into defensive action. The capability exists, yet there is no mandatory framework for remediation, no funded patch‑management pipeline for the open‑source software that underpins critical infrastructure, and no consequence for vendors who ship exploitable code. As John Hultquist of Google’s Threat Intelligence Group warned, the AI vulnerability race is not imminent—it has already begun, and the U.S. is currently playing catch‑up without a playbook.

Incident Evidence: AI in Action
Google’s Threat Intelligence Group’s report provides concrete evidence of the race’s progress. It details how North Korean military unit APT45 employed AI to run thousands of automated exploit checks, while Chinese state‑linked actors experimented with AI for vulnerability hunting and target probing. These are not speculative forecasts; they are documented incidents showing that adversaries are already integrating AI into their offensive cyber workflows, accelerating the pace at which zero‑days are found and weaponized.

Why the Model Race Distracts From the Real Danger
The prevailing narrative—centered on model performance, export controls, and chip restrictions—captures headlines and policy attention, but it obscures the more immediate risk: an adversary gaining persistent access to essential services through an unpatched vulnerability. Winning the model race may yield better benchmarks and prestige, yet losing the vulnerability race could allow an opponent to disrupt power grids, financial systems, or defense networks with a single exploit. The stakes of the latter are therefore far higher for national security and public safety.

A Path Forward: FDA‑Style Pre‑Deployment Security
To close the vulnerability gap, the United States must overhaul its approach to software security in critical infrastructure, borrowing a page from the Food and Drug Administration’s medical‑device approval process. Under such a model, vendors would be required to demonstrate, before deployment, that their software cannot be exploited by known or discoverable vulnerabilities. Proof of patch application—not merely the existence of security controls—would be mandatory for any update or new release. This shifts compliance from a retrospective paperwork exercise to a proactive safety verification.

Rebuilding and Empowering CISA
Implementing FDA‑style pre‑deployment testing demands a capable, well‑resourced agency to enforce it. CISA is the logical civilian defender, but its current state—depleted staff, uncertain leadership, and looming budget cuts—prevents it from fulfilling this role. The first step, therefore, is to reconstitute CISA: restore its workforce, confirm a director, and provide sufficient funding to develop the technical expertise, testing facilities, and enforcement authority needed to mandate pre‑deployment security validation. With a strengthened CISA, the nation can translate its AI discovery advantage into a resilient defensive posture.

Conclusion: Winning the Overlooked Arms Race
The United States still possesses the technological edge in AI‑driven vulnerability discovery. What is missing is the strategic framework to convert that edge into lasting security. By instituting rigorous pre‑deployment security testing, modeling compliance after the FDA’s safety standards, and rebuilding CISA into a well‑funded, empowered defender, the U.S. can close the vulnerability gap, deny adversaries the easy path to critical systems, and ultimately win the AI arms race that truly matters—keeping vital infrastructure safe from exploitation.
