Google Says Hackers Used AI to Build First Known Zero-Day Cyberattack

MOUNTAIN VIEW, Calif. — Google says the artificial intelligence era of cybercrime has officially arrived.

Security researchers at Alphabet’s Google disclosed Monday that a criminal hacking group successfully used artificial intelligence to discover and weaponize a previously unknown software vulnerability in what the company describes as the first confirmed real-world cyberattack involving an AI-generated zero-day exploit.

The development marks a turning point cybersecurity experts have warned about for years: artificial intelligence systems moving beyond phishing emails and spam generation into the direct discovery and exploitation of previously undetected software flaws.

According to Google’s Threat Intelligence Group (GTIG), researchers uncovered the exploit while monitoring a cybercrime operation preparing for a potentially large-scale intrusion campaign targeting enterprise systems.

The vulnerability affected a widely used open-source web administration platform that Google declined to publicly identify. Researchers said the flaw would have allowed attackers to bypass two-factor authentication protections once valid user credentials had already been obtained.

Google said it worked quietly with the affected vendor to patch the vulnerability before the broader attack campaign could be launched, potentially preventing widespread exploitation.

What alarmed researchers most was not only the sophistication of the exploit itself, but the evidence suggesting artificial intelligence played a central role in creating it.

The malicious code reportedly contained multiple indicators commonly associated with AI-generated programming output, including unusually structured Python code, educational-style docstrings, textbook formatting patterns, and even a hallucinated CVSS vulnerability severity score — the kind of fabricated detail frequently produced by large language models.

Researchers also noted the vulnerability itself reflected a type of semantic logic flaw increasingly viewed as particularly suited for AI systems to uncover.

Unlike traditional software vulnerabilities involving memory corruption or input sanitization issues typically identified through conventional security testing methods, this flaw stemmed from contradictory authentication assumptions buried deep within application logic — the kind of higher-level conceptual inconsistency advanced AI systems are becoming increasingly effective at detecting.

“It’s here,” John Hultquist, chief analyst at Google Threat Intelligence Group, said Monday. “The era of AI-driven vulnerability and exploitation is already here.”

Hultquist warned the cybersecurity industry may only be seeing a fraction of the activity already underway.

“There’s a misconception that the AI vulnerability race is imminent,” he added. “The reality is that it’s already begun. For every zero-day we can trace back to AI, there are probably many more out there.”

Google said it does not believe its own Gemini AI model was used in the attack, though researchers have not identified which artificial intelligence platform the criminal group deployed.

The disclosure arrives amid rapidly escalating concern throughout both the cybersecurity and artificial intelligence industries over how quickly advanced AI models are improving at software analysis, coding, and autonomous problem-solving.

Google’s report documented additional examples of AI already being integrated into cyberattack operations, including malware development, attack automation, infrastructure deployment, evasion techniques, and AI-generated deepfake content used in influence campaigns.

The company also revealed that a Chinese cyberespionage group it tracks as UNC2814 has been actively probing Gemini’s internal safeguards using prompts designed to force the model into behaving like a specialized security expert for embedded systems.

Separately, Google found that a North Korean state-linked hacking group known as APT45 submitted thousands of prompts attempting to analyze software vulnerabilities and validate proof-of-concept exploit techniques.

The broader implications for governments, corporations, and infrastructure operators are profound.

Modern economies run on trillions of lines of software code spanning banking systems, hospitals, transportation networks, telecommunications infrastructure, energy grids, and cloud computing environments. Security experts increasingly fear that AI systems may soon be capable of identifying vulnerabilities inside those systems faster than humans can patch them.

The disclosure also comes during a period of accelerating AI capability across the technology sector.

Last month, Anthropic unveiled its advanced Claude Mythos model, which researchers said demonstrated an unprecedented ability to identify software vulnerabilities with a level of precision previously requiring highly specialized human expertise.

At the same time, governments are beginning to reconsider how aggressively advanced AI systems should be released publicly.

The Trump administration, which earlier this year rolled back several Biden-era AI oversight measures, is now reportedly reevaluating parts of its approach to vetting increasingly powerful frontier AI models before public deployment.

For businesses, the threat is no longer theoretical.

Cybersecurity experts warn that the most dangerous period may be the years immediately ahead — a window in which offensive AI capabilities advance faster than the global software ecosystem can harden itself against them.

And after Monday’s disclosure, one reality is becoming increasingly difficult for the technology industry to ignore: artificial intelligence is no longer just defending against cyberattacks — it is now helping create them.

JBizNews Desk

© JBizNews.com. All rights reserved. This article is original reporting by JBizNews Desk. Unauthorized reproduction or redistribution is strictly prohibited.
