USING ARTIFICIAL INTELLIGENCE METHODS TO DETECT ZERO-DAY VULNERABILITIES
DOI: 10.31673/2409-7292.2025.041212
Abstract
Rapid digitalization and the widespread use of open-source software significantly increase the risk of new threats in
software supply chains. Zero-day vulnerabilities are especially dangerous: they can enter projects unnoticed through
third-party libraries and remain undetected until they are actually exploited. Under these conditions, it is important
to find approaches that provide proactive dependency analysis and timely detection of potentially dangerous components.
The aim of the article is to assess the possibilities of using artificial intelligence methods to identify vulnerable
third-party libraries and to analyze the effectiveness of this approach by modeling a real incident in which a
third-party library was compromised. The paper describes the characteristic properties of zero-day vulnerabilities and
emphasizes the limitations of traditional security tools, which are not always able to respond promptly to new threats
or take transitive dependencies into account. The experiment involved the analysis of ten test projects using an agent
approach based on various artificial intelligence models, which made it possible to assess their ability to detect
compromised components, generate structured reports, and provide recommendations for minimizing risks. The results
confirmed the accuracy of the approach and its potential for integration into modern software development and
maintenance processes. At the same time, the non-determinism of language models was emphasized, which necessitates
additional verification of the results obtained. The research outlines prospects for further development, in
particular improving proactive monitoring mechanisms and developing methods for verifying results obtained with
artificial intelligence methods, which will contribute to increasing the reliability and validity of analytical
conclusions.
Keywords: artificial intelligence, zero-day vulnerabilities, software security, automation, open libraries, software.