For The First Time Ever, Hackers Use AI To Develop Zero-Day Exploits

https://www.linkedin.com/pulse/first-time-ever-hackers-use-ai-develop-zero-day-m3bje

Publish Date: 2026-05-11 16:52:00

Source Domain: www.linkedin.com


Cybercriminals have, for the first time, successfully used artificial intelligence to identify and weaponize a previously unknown software vulnerability, according to a major warning issued by Google’s Threat Intelligence Group (GTIG), marking a historic escalation in AI-driven cyber warfare.

The incident, disclosed in Google’s latest AI Threat Tracker Report published on May 11, is believed to be the first confirmed case in which threat actors used AI not only to assist with coding or phishing operations, but to actively discover and operationalize a genuine zero-day vulnerability capable of bypassing two-factor authentication protections.

The discovery represents a watershed moment for the global security industry, which has spent years warning that generative AI would eventually enable hackers to automate some of the most technically difficult aspects of cyberattacks.

“This changes the threat landscape significantly. The concern was never whether AI would be used offensively, but when it would cross the line into autonomous exploit development.”

What Google Discovered

According to GTIG, multiple “prominent” cybercrime actors collaborated on plans for a mass exploitation campaign targeting a widely used open-source web-based system administration platform.

Investigators believe the attackers used an AI model to identify a previously undiscovered vulnerability before developing malicious code designed to exploit it.

The flaw would have allowed attackers to bypass two-factor authentication (2FA), one of the most widely adopted cybersecurity protections used to secure online accounts and enterprise systems.

Google said it worked with the affected software vendor to patch the vulnerability and disrupt the operation before the exploit could be deployed at scale.

“This is the first evidence we have observed of threat actors successfully using AI to support the discovery and weaponization of a zero-day vulnerability,” Google researchers wrote.

The company also emphasized that neither Google Gemini nor Anthropic’s Mythos AI systems were used in the operation.

Evidence Points to AI-Generated Code

Forensic analysis of the exploit strongly suggested that the malicious code had been generated or heavily assisted by a large language model.

The Python-based exploit script reportedly contained several hallmarks associated with AI-generated programming output, including unusually formal educational-style docstrings, highly structured formatting, and coding conventions commonly seen in LLM training data.

One of the clearest indicators was the inclusion of a fabricated CVSS vulnerability severity score — an apparent hallucination generated by AI.

Cybersecurity researchers increasingly view hallucinated references, fake citations, and invented technical metadata as one of the strongest fingerprints of generative AI involvement.

The exploit looked polished in some places but artificial in others. This combination is becoming characteristic of AI-assisted malware development.
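
An added example, not taken from the GTIG report or from any recovered sample: a static triage pass over a Python file that measures the indicators described above (docstring density, tutorial-style docstring sections, and a CVSS score with no CVE ID or vector string to check it against). The sample text, the result field names and the regular expressions are constructed for illustration; these are weak signals that justify a closer look, not proof of LLM authorship.

```python
import ast
import re

# Constructed, harmless sample standing in for a recovered script (not from the report).
SAMPLE = '''"""
Educational Proof of Concept
Severity: CVSS Score 9.8 (Critical)
"""

def build_request(host):
    """Build the request.

    Args:
        host: Target host name.
    Returns:
        A dictionary describing the request.
    """
    return {"host": host}

def main():
    """Entry point for the tool."""
    print(build_request("example.invalid"))
'''

# Illustrative patterns (assumptions of this example, not a published signature set).
CVSS_VECTOR = re.compile(r"CVSS:[234]\.\d/[A-Za-z:/]+")
CVSS_SCORE = re.compile(r"CVSS[^\n]{0,40}?\b(10\.0|\d\.\d)\b", re.I)
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")
SECTION = re.compile(r"^\s*(Args|Returns|Raises|Parameters|Example)s?:", re.M)

def triage(source):
    """Return static indicators for one Python source string; the code is parsed, never run."""
    tree = ast.parse(source)
    defs = [n for n in ast.walk(tree)
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))]
    docs = [ast.get_docstring(n) or "" for n in defs]
    # Drop vector strings first so "CVSS:3.1/..." is not misread as a score of 3.1.
    scores = CVSS_SCORE.findall(CVSS_VECTOR.sub("", source))
    anchored = CVSS_VECTOR.search(source) or CVE_ID.search(source)
    return {
        "definitions": len(defs),
        "docstring_ratio": sum(1 for d in docs if d) / len(defs) if defs else 0.0,
        "sectioned_docstrings": sum(1 for d in docs if SECTION.search(d)),
        "cvss_scores": scores,
        # A score with nothing to verify it against cannot be checked against any advisory.
        "unanchored_cvss": bool(scores) and not anchored,
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
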

Why Zero-Day Exploits Matter

Zero-day vulnerabilities are among the most dangerous tools in cyber operations because software vendors are unaware of the flaws and therefore have no patches available when attacks begin.

Such exploits are highly valuable on underground markets and are often used by elite state-sponsored hacking groups to infiltrate governments, corporations, and critical infrastructure.

Historically, discovering and weaponizing a zero-day vulnerability required highly advanced expertise in reverse engineering, software analysis, and exploit development — skills possessed by only a small number of specialists worldwide.

The introduction of AI into that process could dramatically lower the barrier to entry for sophisticated cyberattacks.

Generative AI systems may increasingly automate large portions of vulnerability research, allowing cybercriminal groups to discover flaws faster and at greater scale than ever before.

Experts Warn the AI Arms Race Has Already Started

John Hultquist, chief analyst at GTIG, warned that the industry may already be seeing only a fraction of AI-assisted exploit activity occurring globally.

“There’s a misconception that the AI vulnerability race is imminent. The reality is that it’s already begun,” Hultquist said. “For every zero-day we can trace back to AI, there are probably many more out there.”

The comments reflect growing concern within intelligence and cybersecurity communities that offensive AI capabilities are advancing more rapidly than public awareness or defensive technologies.

Researchers have repeatedly warned that the speed of AI development is outpacing the ability of governments and corporations to regulate or secure its use.

Nation-State Hackers Increasingly Using AI

The GTIG report also detailed how state-sponsored hacking groups are aggressively experimenting with artificial intelligence technologies.

According to Google, cyber operations linked to China and North Korea have demonstrated “significant interest” in using AI for vulnerability discovery, operational planning, and offensive cyber research.

Western intelligence agencies have previously warned that governments are investing heavily in AI-enabled cyber capabilities as part of broader digital warfare strategies.

AI could eventually assist with:

Automated exploit discovery
Malware development
Target reconnaissance
Credential theft operations
Social engineering attacks
Persistence mechanisms
Evasion of antivirus systems

The ability to automate even portions of these activities could allow state actors to conduct larger and more persistent cyber campaigns with fewer personnel.

Cybercriminals Expanding AI Use Beyond Phishing

While AI-generated phishing emails and scams have become increasingly common since the rise of generative AI tools in 2022, researchers say attackers are now moving far beyond basic fraud operations.

Google’s report found growing evidence that criminal organizations are using AI to:

Improve malware obfuscation
Generate operational support tools
Automate intelligence gathering
Enhance social engineering campaigns
Develop more evasive attack techniques

In many cases, threat actors are using AI similarly to legitimate corporate users — conducting research, troubleshooting code, and streamlining workflows — but applying those capabilities toward criminal objectives.

By automating repetitive technical tasks, hackers can focus more resources on large-scale coordinated attacks.

“Threat actors are using AI to boost the speed, scale, and sophistication of their attacks,” Hultquist said.

“It enables them to test their operations, persist against targets, build better malware, and make many other improvements.”

Defensive Cybersecurity May Struggle to Keep Up

The emergence of AI-assisted zero-day development is likely to intensify pressure on organizations already struggling to defend against increasingly sophisticated attacks.

Defensive cybersecurity teams are also deploying AI-powered systems for threat detection, anomaly analysis, and automated incident response. However, analysts warn that attackers often adapt faster than defenders.

One major concern is that AI could eventually discover entirely new categories of vulnerabilities or attack chains beyond what human analysts are currently trained to recognize.

Security experts also worry about the rapid spread of open-source and uncensored AI models, some of which have fewer safeguards preventing malicious use.

Although major AI firms such as Google, OpenAI, Microsoft, and Anthropic have implemented restrictions designed to block harmful cyber-related outputs, researchers have repeatedly demonstrated methods for bypassing those protections.

Meanwhile, underground cybercrime communities have increasingly begun sharing modified or unrestricted AI systems specifically tailored for offensive use.

A New Era of AI-Driven Cyber Threats

The incident described by Google may ultimately be remembered as one of the first clear signs that artificial intelligence has entered a new phase within cyber warfare.

For years, security experts debated whether generative AI would fundamentally transform offensive hacking operations. That debate is now rapidly shifting from theory to reality.

What once seemed like a future threat is becoming operational in real time.

The broader fear among cybersecurity professionals is not simply that AI will make existing attacks faster, but that it could eventually enable entirely new forms of autonomous cyber exploitation at a scale previously impossible for human operators alone.

For governments, corporations, and security teams worldwide, the message from Google’s findings is becoming increasingly difficult to ignore: the AI cyber arms race is no longer coming — it has already begun.