Google's Threat Intelligence Group has reported a first: hackers using AI to discover and exploit a zero-day vulnerability - a security flaw unknown to the software developer and without a fix. The target was a popular web-based system administration tool. The flaw allowed attackers to bypass two-factor authentication. Google says it spotted the attack before it could be deployed at scale and alerted the software vendor.

The zero-day vulnerability was not a conventional flaw. Traditional scanners look for crashes and memory errors, but this flaw was buried in the logic of the code: a subtle assumption hardcoded by the developer, one that no automated scanner would catch. Frontier LLMs excel at identifying these high-level flaws and hardcoded static anomalies.

The report also highlights Chinese and North Korean state-sponsored hackers using AI to hunt for vulnerabilities at industrial scale. Russian-linked groups are using AI to develop malware that rewrites itself to evade detection. AI is transforming phishing, allowing attackers to map corporate hierarchies and generate tailored lures.

Google warns that AI is shifting from a research tool to an active combatant in the security sphere. Google's own AI tools flagged the zero-day before it could cause damage.