
Google said it has detected and preemptively blocked what it believes to be the first hacking attempt to exploit a "zero-day" vulnerability using artificial intelligence (AI). A zero-day attack is one that exploits a vulnerability before a security patch for it has been released or applied.
Google Threat Intelligence Group (GTIG) released an "AI Threat Tracking Report" Tuesday, stating that it had "discovered zero-day vulnerability attack code presumed to have been developed by a hacker group with the help of AI." The group said this "is the first case in which a threat actor successfully used AI to develop a zero-day."
The security industry has long expressed concern that AI's ability to find security vulnerabilities could be turned to zero-day attacks. This report shows that such attempts have now become reality. The hackers behind the attack were found to have attempted to bypass two-factor authentication by exploiting a software (SW) vulnerability. However, Google believes its own AI model, "Gemini," was not used in this attack.
Google also assessed that hacking groups backed by North Korea and China are actively using AI. GTIG explained that "the North Korean threat group APT45 used AI to verify thousands of pieces of attack code and built attack assets on a large scale."
A trend of growing attack scale through the use of agentic AI tools such as OpenClaw was also detected. One China-linked hacker was found to have carried out autonomous reconnaissance using agent tools to find vulnerabilities in a Japanese technology company.
"The war over vulnerabilities driven by AI has already begun," said John Hultquist, chief analyst at GTIG. "Threat actors are using AI in many ways to advance the speed, scale, and sophistication of their attacks. We must never underestimate the AI-enabled threats posed not only by state-backed forces but also by cybercrime groups," he emphasized.