Google Researchers Say They’ve ID’d First-Known Case of ‘Zero-Day’ Software Exploit

MOUNTAIN VIEW, Calif. — As if credit union CEOs and CISOs didn’t have enough to worry about, Google researchers said they believe they have identified the first known case of cybercriminals using artificial intelligence to develop a “zero-day” software exploit, a milestone experts say could accelerate the speed and sophistication of future cyberattacks.

According to a report released May 11 by Google’s Threat Intelligence Group, the company detected and disrupted an attempted attack in which hackers allegedly used a large language model to discover and weaponize a previously unknown software flaw in a widely used open-source system administration tool. 

Google said it had “high confidence” artificial intelligence was used to help both identify the vulnerability and create the exploit code designed to bypass two-factor authentication protections. 

Flaws Unknown to Developers

Zero-day vulnerabilities are software flaws unknown to developers or vendors, leaving organizations with “zero days” to patch the issue before attackers can exploit it. Such vulnerabilities are considered among the most dangerous tools in cybercrime and state-sponsored hacking operations. 

The company said the attack was stopped before it could be broadly deployed after Google alerted the affected software developer. Google declined to identify the cybercrime group involved, the targeted software or the AI model allegedly used in the operation. The company said researchers do not believe the exploit was developed using Google’s Gemini model or Anthropic’s Mythos model. 

An Era Arrives

John Hultquist, chief analyst at Google Threat Intelligence Group, said the incident demonstrates that the “AI-driven vulnerability and exploitation” era has already arrived. 

Google researchers said several indicators suggested AI involvement in the exploit’s development, including “hallucinated” vulnerability scoring references and coding patterns resembling training examples commonly generated by large language models. 

The exploit reportedly targeted a logic flaw created by a hardcoded trust assumption within authentication systems — the kind of complex semantic weakness that researchers say advanced AI models are becoming increasingly capable of identifying. 

Growing Concerns

The findings come amid growing concern within the cybersecurity industry that artificial intelligence could dramatically reduce the time and expertise needed to create sophisticated hacking tools. Google’s report said criminal organizations as well as state-linked actors from China, Russia and North Korea are increasingly experimenting with AI-assisted vulnerability research, malware development and phishing campaigns. 

Other security researchers have separately documented rapid advances in AI-assisted exploit development. The Wall Street Journal reported this month that researchers used Anthropic’s AI model Mythos to help discover a sophisticated method of bypassing Apple macOS protections by chaining together multiple software bugs.
