N. Korean hackers using AI to find cybersecurity blind spots, Google says

Google’s threat intelligence group reported that state-sponsored hackers from North Korea and China are using AI to identify unknown cybersecurity vulnerabilities, with North Korea’s APT45 group employing AI to analyze blind spots for exploitation. This marks the first known instance of attackers using AI to detect zero-day exploits on a mass scale, prompting global cybersecurity concerns amid the release of Anthropic’s AI model for vulnerability detection.
Alphabet’s Google revealed in a report that state-sponsored hackers from North Korea and China are increasingly using artificial intelligence to uncover previously unknown cybersecurity vulnerabilities. The threat intelligence team noted a particular focus from clusters linked to the People’s Republic of China and the Democratic People’s Republic of Korea (DPRK).

North Korea’s APT45 hacking group demonstrated this capability by sending thousands of repetitive AI prompts to systematically analyze cybersecurity weaknesses for potential exploitation. Google detailed how APT45 used AI to detect a zero-day exploit planned for mass attacks, which the company successfully blocked. A zero-day exploit targets a vulnerability unknown to the software’s developers, leaving organizations unprepared to defend against it. This incident marks the first confirmed case of attackers leveraging AI to identify and weaponize such flaws at scale.

The report follows global cybersecurity concerns heightened by Anthropic’s latest AI model, Claude Mythos, designed to detect software vulnerabilities. Unlike most AI tools, Anthropic has restricted Claude Mythos to select companies and institutions for defense security testing, avoiding public release.

The development underscores the escalating arms race between cybersecurity defenses and AI-driven offensive tactics by state-backed hackers. Experts warn that AI’s role in vulnerability research could accelerate cyber threats, as attackers refine their methods to bypass traditional defenses. Google’s findings highlight the urgent need for advanced countermeasures to address AI-assisted hacking techniques. The revelation comes as governments and tech firms race to mitigate risks posed by both state and criminal actors exploiting emerging technologies.