Hackers use AI to create worst security flaw for first time, Google reveals

Google’s Threat Intelligence Group (GTIG) has identified the first instance of hackers using artificial intelligence to create a zero-day exploit, a previously unknown security flaw in software. The threat actor intended to use this exploit in a large-scale attack but was stopped by Google’s proactive measures, as outlined in a report published Monday. The discovery marks a significant escalation in cyber threats, as AI tools now enable criminals to discover vulnerabilities more efficiently than ever before. GTIG researchers noted that hackers linked to China and North Korea have shown particular interest in AI-driven zero-day exploitation. AI bot attacks have surged over the past year, increasing from 2 million to 25 million incidents worldwide, according to recent reports. This rise coincides with advancements in AI security tools, such as Anthropic’s Mythos model, which has already uncovered vulnerabilities in major operating systems and web browsers. While Mythos is currently restricted to select tech and financial organizations, its capabilities highlight the dual-use risk of AI in cybersecurity. Google’s report warns that threat actors are accessing premium AI models through illicit channels to bypass usage limits, enabling large-scale misuse. The infrastructure supporting these attacks relies on automated account cycling and trial abuse to sustain operations, posing a growing challenge to global cyber defenses. The development underscores the urgent need for improved detection and mitigation strategies as AI continues to reshape both offensive and defensive cybersecurity tactics.