I'm honestly not convinced any of these vendors are able to do anything about zero days either. They mostly seem to try and catch post exploitation and trying to detect "weird shit" happening post compromise (persistence, exfiltration, etc.). No AI/ML security product is going to stop someone from throwing a kernel exploit a disappearing into the night.