
Google intercepts first AI-generated zero-day exploit in major cyber threat

Google's Threat Intelligence Group has confirmed the neutralisation of a planned mass exploitation campaign using a vulnerability developed with artificial intelligence assistance.

Author: Owen Mercer, Markets and Finance Editor
Source: Engadget
Google announces its first-ever discovery of a zero-day exploit made with AI
Security firm warns this incident is merely the tip of the iceberg for future automated attacks

Google's Threat Intelligence Group (GTIG) has announced the discovery of the first-ever zero-day exploit developed with the assistance of artificial intelligence. The security team identified a threat actor preparing to launch a mass exploitation event using the vulnerability, but Google's proactive measures successfully intercepted the attack before it could be deployed. The targeted organisation has since been notified and has patched the issue to secure its systems.

While Google does not believe its own Gemini models were used in the attack, the company maintains high confidence that an external AI model assisted the perpetrators in discovering and weaponising the flaw. This marks a significant shift in the cyber threat landscape. Zero-day vulnerabilities are particularly dangerous because they remain unknown to software vendors and users, leaving them with no time to prepare a defence prior to an incident.

John Hultquist, chief analyst at GTIG, described the incident as "the tip of the iceberg" and "a taste of what's to come," suggesting that this event represents only the first tangible evidence of such sophisticated, AI-driven operations. The report indicates that threat actors have increasingly utilised AI across various stages of the cyberattack lifecycle, moving beyond simple automation to the creation of novel exploits.

Google noted that state-linked actors associated with China and North Korea have shown significant interest in leveraging AI to exploit security vulnerabilities. Although the specific identity of the threat actor remains undisclosed, the geographic patterns of interest align with state-sponsored groups actively seeking to gain an advantage through advanced technological means.

In response to these evolving risks, other security firms are adopting similar AI-driven defensive measures to counter the threat. For instance, Anthropic recently launched Project Glasswing, an initiative designed to use its Claude Mythos Preview model to find and defend against high-severity vulnerabilities. This development underscores a growing trend where artificial intelligence is being deployed by both attackers and defenders in the ongoing battle for digital security.
