Google’s Threat Intelligence Group (GTIG) announced the discovery of a zero-day exploit believed to be developed by artificial intelligence. This marks the company’s first identification of such an exploit, which was intended for a “mass exploitation event.” GTIG stated that the proactive discovery may have prevented potential attacks.
While Google does not believe its own Gemini models were involved in creating the exploit, it has “high confidence” that an AI model played a role in discovering and weaponizing the vulnerability. The specific target of the exploit was not disclosed, but Google informed the affected unnamed company, which subsequently patched the issue.
GTIG did not reveal the identities of the threat actors but mentioned that groups associated with China and North Korea have shown considerable interest in leveraging AI for cyber exploits. The report emphasized that threat actors are increasingly utilizing AI in various stages of cyberattacks, raising alarms about future risks associated with AI-driven attacks.
John Hultquist, GTIG’s chief analyst, described the incident as “a taste of what’s to come” and “the tip of the iceberg,” illustrating the evolving use of AI in cybercrime. He noted that this case represents the first “tangible evidence” of such attacks.
Despite the dangers posed by AI in skilled hands, Google asserted that AI can also be an effective tool for cybersecurity defense. Other companies are also implementing AI for protective measures. For instance, Anthropic announced Project Glasswing last month, which focuses on utilizing AI to identify and mitigate “high-severity vulnerabilities.”
