Google’s Threat Intelligence Group (GTIG) announced the discovery of a zero-day exploit believed to be developed by artificial intelligence, marking a significant first in cybersecurity. The exploit was reportedly designed for a “mass exploitation event,” and Google stated that its proactive detection might have prevented its use.
Google clarified that it does not think its own Gemini models were used in the exploit’s development, but maintained “high confidence” that an AI model played a role in the discovery and weaponization process. The specific target of the exploit was not disclosed, although Google notified the affected company, which subsequently applied a patch to address the issue.
The identities of the threat actors remain undisclosed; however, Google hinted at involvement from groups linked to China and North Korea, which have shown “significant interest” in using AI for exploiting security vulnerabilities. John Hultquist, chief analyst at GTIG, described the situation as “a taste of what’s to come” and referred to it as “the tip of the iceberg,” suggesting this is only the beginning of such attacks.
The GTIG report noted that threat actors are employing AI in various stages of cyberattacks, while also emphasizing that AI can serve as a powerful tool for defenders against these threats. Other companies are similarly harnessing AI for security measures, with Anthropic recently announcing Project Glasswing, aimed at identifying and guarding against “high-severity vulnerabilities.”
