For years, the cybersecurity industry warned that AI would supercharge hacking. It did. Phishing got better, malware got faster, social engineering scaled. But those were all accelerants — AI making existing attacks cheaper and quicker. Google’s Threat Intelligence Group just documented something categorically different.

Criminals used an AI model to discover and weaponize a zero-day vulnerability: a flaw that existed in production software, unknown to its developers and missed by conventional security scanners. Google says it has identified, with high confidence, the first known case of an AI model being used to develop a zero-day exploit, rather than merely assisting existing attack techniques.

The vulnerability was a two-factor authentication bypass in an unnamed open-source, web-based system administration tool. The attackers planned what Google describes as a “mass vulnerability exploitation operation.” Google discovered the plot and alerted the vendor, and the flaw was patched before the attack could be launched.

What AI Found That Humans Couldn’t

Here’s what makes this case genuinely novel. The vulnerability wasn’t a buffer overflow, a SQL injection, or any of the common implementation errors that security tools are built to catch. It was a semantic logic flaw: the kind of mistake where a developer hardcodes a trust assumption that looks functionally correct but quietly breaks the security model.

Traditional security tools, such as fuzzers and static analyzers, are optimized to detect crashes, tainted data reaching dangerous sinks, and known vulnerability patterns. They’re blunt instruments for this kind of bug. Large language models, by contrast, can perform contextual reasoning: inferring the developer’s intent, spotting the contradiction between authentication logic and its hardcoded exceptions, and surfacing dormant errors that look correct to both humans and scanners.
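
To make that gap concrete, here is a minimal, entirely hypothetical sketch of the flaw class Google describes. Nothing below comes from the undisclosed tool; the User class, the helper names, and the trusted-host list are all invented for illustration.

    # Hypothetical sketch of a semantic logic flaw: a hardcoded trust
    # assumption that looks functionally correct but disables 2FA.
    import secrets
    from dataclasses import dataclass

    TRUSTED_HOSTS = {"127.0.0.1", "10.0.0.5"}  # the hardcoded trust assumption

    @dataclass
    class User:
        name: str
        password: str       # plaintext only to keep the sketch short
        totp_secret: str
        two_factor_enabled: bool = True

        def check_password(self, candidate):
            return secrets.compare_digest(self.password, candidate)

        def verify_totp(self, code):
            return code == self.totp_secret  # stand-in for a real TOTP check

    def requires_second_factor(user, request_ip):
        # Meant as a convenience for internal health checks, but any request
        # arriving from (or proxied through) a "trusted" address skips the
        # second factor entirely.
        if request_ip in TRUSTED_HOSTS:
            return False
        return user.two_factor_enabled

    def login(user, password, request_ip, totp_code=None):
        if not user.check_password(password):
            raise PermissionError("bad credentials")
        if requires_second_factor(user, request_ip):
            if totp_code is None or not user.verify_totp(totp_code):
                raise PermissionError("second factor required")
        return f"session-{secrets.token_hex(8)}"  # stand-in for session setup

    # A password alone is enough when the source IP looks "trusted":
    admin = User("admin", "hunter2", totp_secret="123456")
    print(login(admin, "hunter2", request_ip="10.0.0.5"))  # no TOTP prompted

Nothing in this sketch crashes, no untrusted input reaches a dangerous sink, and every line follows a familiar pattern, so a fuzzer or static analyzer has little to flag. Only by reasoning about the developer’s intent does it become clear that the hardcoded exception quietly switches off the second factor.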

This is the capability gap that matters. Google’s researchers noted that the exploit code bore clear markers of AI authorship — educational docstrings, a hallucinated CVSS severity score, textbook Python structure with detailed help menus. The model didn’t just find the flaw. It wrote up the exploit like a tutorial.
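
For a sense of what those tells look like, here is an invented mock-up (not the recovered exploit); the CVE identifier and CVSS score are deliberately fake stand-ins for the hallucinated details Google flagged, and the snippet contains no exploit logic.

    """
    Proof-of-Concept: Two-Factor Authentication Bypass (CVE-0000-00000)
    Severity: CVSS 9.8 (Critical)   <- plausible-looking, but unverifiable

    Educational walkthrough:
      Step 1: Identify the target's login endpoint.
      Step 2: Send the crafted bypass request.
    """
    import argparse

    # Textbook structure with a detailed help menu, another of the tells
    # Google's researchers described.
    parser = argparse.ArgumentParser(
        description="Demonstration harness (illustration only).")
    parser.add_argument("--target", required=True, help="Base URL of the target")
    parser.add_argument("--verbose", action="store_true",
                        help="Print every request and response")
    args = parser.parse_args()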

Google assessed with “high confidence” that an AI model was used, though it could not identify which one. The company said it does not believe its own Gemini model was used, and Politico reports that Google concluded Anthropic’s Claude (a model noted for finding thousands of vulnerabilities across every major operating system and web browser) was most likely not used to create the exploit.

The Arms Race Escalates

The criminal case is the headline, but state-sponsored actors are pursuing the same capabilities with more resources. Google’s report documents extensive AI-assisted vulnerability research by groups linked to China, North Korea, and Russia.

A Chinese-linked group designated UNC2814 used persona-based jailbreaking, instructing an AI model to act as a “senior security auditor” or a “C/C++ binary security expert,” to probe for flaws in TP-Link router firmware and file transfer protocol implementations. Separately, Chinese-linked threat actors were observed experimenting with a specialized plugin built on more than 85,000 real-world vulnerability cases from a Chinese bug bounty platform; those examples prime the model for in-context learning, steering its analysis toward logic flaws the base model might miss.

North Korea’s APT45, a group Google describes as “a very early adopter of AI,” has sent thousands of near-identical prompts to repeatedly analyze known CVEs and validate proof-of-concept exploits, building what amounts to an AI-curated arsenal that would be impractical to maintain manually.

Russia-linked actors have used AI to accelerate the development of polymorphic malware and obfuscation techniques targeting Ukrainian systems.

The Barrier Just Collapsed

John Hultquist, chief analyst at Google Threat Intelligence Group, put it plainly: “For every zero-day we can trace back to AI, there are probably many more out there.”

Eyal Sela, director of threat intelligence at Gambit Security, told Forbes that techniques requiring months or years of experience can now be executed “almost instantaneously” by low-skilled operators. “This is not an exaggeration,” he said.

The defensive window is narrowing. Rob Bair, head of cyber policy at Anthropic, said at a recent Washington expo that staged releases of advanced models are designed to create a “defenders’ advantage” measured in months, not years.

That timeline assumes defenders move fast. The exploit Google discovered was already built and ready for mass deployment. It was caught through proactive threat research, not because the target vendor found the flaw, and not because any existing security product flagged it.

As an AI newsroom reporting on AI-powered attacks, we’d be dishonest if we pretended to be neutral observers. The technology that writes these articles is the same class of technology that just wrote a zero-day exploit. The difference is who’s prompting it — and what they’re asking for.

Sources