Google disrupts hackers using AI to exploit an unknown weakness in a company’s digital defense

Google announced on Monday it had thwarted a cyberattack involving hackers who used artificial intelligence to identify and exploit an undisclosed vulnerability in a company’s security systems. The incident, described as a zero-day exploit, allowed attackers to bypass two-factor authentication and target a widely used online administration tool. Google confirmed the hackers employed a large language model—likely not its own Gemini or Anthropic’s Mythos—to discover the flaw before notifying the affected company and disrupting the operation. The attack highlights a rising threat: criminal groups leveraging AI to accelerate vulnerability discovery and exploitation. John Hultquist, Google’s threat intelligence chief, warned that AI-driven cyberattacks are now a reality, giving hackers a speed advantage over defenders in races to prevent data breaches or ransomware deployment. While Google did not name the hackers or the AI model used, it ruled out state-backed actors, though groups linked to China and North Korea have explored similar tactics. The disclosure follows recent advancements in AI, including Anthropic’s Mythos model, which has intensified calls for regulation. The Trump administration’s Commerce Department briefly announced agreements with Google, Microsoft, and xAI to pre-release review AI models, echoing prior Biden-era efforts with Anthropic and OpenAI. However, the announcement was later removed from the department’s website, signaling inconsistent policy signals. Experts like Dean Ball, a former White House tech adviser, acknowledge the need for oversight despite opposition to regulation. ‘I don’t like regulation,’ Ball stated, ‘but I think we need it in this case.’ The mixed messaging from the Trump administration contrasts with broader industry warnings about AI’s unchecked risks to cybersecurity infrastructure. Google’s intervention marks the first confirmed instance of AI directly aiding in a zero-day exploit, raising alarms about the technology’s dual-use potential. As hackers adopt AI tools to outpace defenses, companies and governments face mounting pressure to adapt strategies—whether through regulation, collaboration, or rapid patching—to mitigate emerging threats.