This [1] post last year pointed to Google Project Zero, which found dozens of exploits in popular AV software. What if your third-party AV is your lowest hanging fruit? How many issues did your AV itself cause? How would you know?
I'm aware of the research p0 did on AV -- it's very important, and their findings were fed back to the vendors to improve their products.
AV is not the low-hanging fruit; there has never been a discovered malware that exploits an AV bug. It might happen, but you are a million times more likely to find garden-variety malware that all AV detects.
(Of course I am ignoring APT/nation-state 0day, as it is not specifically about AV; all software is vulnerable against an adversary of this skill.) If your worry is APT attacking your AV, you'd best be looking at your operating systems first.