Who typically discovers Zero Day vulnerabilities?

Zero Day vulnerabilities are security flaws in software or hardware that are unknown to the vendor and haven't been patched. These vulnerabilities are often discovered by threat actors, particularly those associated with nation-states, as they may seek to exploit these weaknesses for strategic advantages in areas such as espionage, sabotage, or cyber warfare. Nation-state actors typically possess the resources, expertise, and motivation to find and leverage these vulnerabilities before they become public knowledge or are disclosed to the software vendors, making this group uniquely positioned to discover such vulnerabilities.

While software developers may find vulnerabilities during testing or cybersecurity professionals may identify issues during their analysis, these scenarios usually involve known vulnerabilities rather than Zero Day exploits. Similarly, corporate security teams may uncover weaknesses during audits, but by that stage, the vulnerabilities are often already known and addressed. This context highlights why nation-state threat actors are the primary discoverers of Zero Day vulnerabilities.