Trend Micro — ÆSIR: AI Agents Finding Zero-Days in AI Infrastructure
AI Relevance: Trend Micro's ÆSIR platform uses AI agents to autonomously discover zero-day vulnerabilities in the AI stack itself—NVIDIA, MLflow, MCP servers—demonstrating that AI infrastructure is both the tool and the target.
- TrendAI™ has introduced ÆSIR (AI-Enhanced Security Intelligence & Research), a platform combining AI automation with human expert oversight for proactive vulnerability discovery.
- Since mid-2025, ÆSIR has uncovered 21 critical CVEs across NVIDIA, Tencent, MLflow, and MCP tooling—all part of the foundational AI infrastructure stack.
- Two core components: MIMIR for real-time threat intelligence correlation across thousands of sources, and FENRIR for zero-day vulnerability discovery via automated codebase analysis.
- Speed advantage: ÆSIR can scan massive codebases in hours instead of the weeks a human team would require, while researchers direct the AI and validate findings.
- AI CVEs are growing exponentially: from ~300 in 2023 to over 1,000 in 2025 (70% YoY increase), driven by the rapid expansion of AI deployment surfaces.
- All discoveries go through responsible disclosure with patch bypass verification—ensuring fixes actually work before public release.
- The platform is explicitly aimed at AI infrastructure libraries: the shared code (CUDA, serving frameworks, protocol implementations) that underpins thousands of downstream deployments.
Why it matters
- The "who secures the AI" question now has a concrete answer: AI agents secure AI infrastructure, at machine speed. Manual vulnerability research cannot scale to match the 70% YoY CVE growth rate.
- Library-level vulnerabilities (NVIDIA drivers, MLflow, MCP SDKs) have massive blast radius—a single bug affects every downstream consumer.
- If defenders use agents to find bugs, adversaries will too. The time between patch release and working exploit is collapsing.
What to do
- Track AI-stack CVEs: Monitor NVD/GitHub advisories for NVIDIA, vLLM, MLflow, LangChain, and MCP implementations—they are now high-velocity targets.
- Patch faster: A 30-day patching cycle is likely too slow when adversaries can read the patch diff and derive exploits autonomously.
- Inventory your AI dependencies: Know which GPU drivers, serving frameworks, and protocol libraries you run—and subscribe to their security advisories.
- Consider AI red teaming: Use automated analysis tools against your own codebases before adversaries do.
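One way to act on the inventory, CVE-tracking and patch-cadence items above, as an added example that is not Trend Micro's or ÆSIR's code: a small checker that matches a `pip freeze` style inventory against advisories in the shape of OSV "affected" version ranges and flags anything older than the 30-day cycle the page calls too slow. Package versions, advisory IDs and dates are constructed placeholders, and the simple X.Y.Z version comparison is an assumption that real PEP 440 versions would need a proper library for.

```python
# Added example (not Trend Micro's or ÆSIR's code): match a dependency inventory
# against OSV-style advisory ranges. All versions, IDs and dates are constructed.
from datetime import date

# Constructed inventory in `pip freeze` form (versions are made up).
INVENTORY = """\
vllm==0.4.0
mlflow==2.9.0
mcp==1.0.0
langchain==0.1.5
"""

# Constructed advisories shaped like OSV ECOSYSTEM ranges (introduced/fixed).
# IDs are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "mlflow", "introduced": "0", "fixed": "2.10.0", "published": "2025-09-01"},
    {"id": "EXAMPLE-0002", "package": "vllm", "introduced": "0.3.0", "fixed": "0.5.0", "published": "2025-10-15"},
    {"id": "EXAMPLE-0003", "package": "mcp", "introduced": "0", "fixed": "1.0.0", "published": "2025-08-20"},
]

def parse_version(v):
    """Numeric tuple for simple X.Y.Z versions; pads so that 2.9 == 2.9.0."""
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def parse_inventory(text):
    """Map lowercase package name -> pinned version from `name==version` lines."""
    deps = {}
    for line in text.splitlines():
        if "==" in line:
            name, ver = line.strip().split("==", 1)
            deps[name.lower()] = ver
    return deps

def is_affected(version, adv):
    """OSV semantics: affected if introduced <= version < fixed."""
    v = parse_version(version)
    return parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"])

def exposure_report(inventory_text, advisories, today, sla_days=30):
    """Return (id, package, installed, fixed, days since publication, overdue) rows."""
    today = date.fromisoformat(today)
    deps = parse_inventory(inventory_text)
    report = []
    for adv in advisories:
        installed = deps.get(adv["package"])
        if installed and is_affected(installed, adv):
            age = (today - date.fromisoformat(adv["published"])).days
            report.append((adv["id"], adv["package"], installed, adv["fixed"], age, age > sla_days))
    return report
```

Calling `exposure_report(INVENTORY, ADVISORIES, "2025-11-01")` on the constructed data reports mlflow (61 days, overdue) and vllm (17 days), and leaves mcp out because 1.0.0 is the fixed version.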