Google Identifies First AI-Developed Zero-Day Exploit, Warning of Escalating Cyber Threat
Google’s Threat Intelligence Group (GTIG) has disclosed what it describes as the first confirmed instance of a threat actor deploying a zero-day exploit developed using artificial intelligence, raising serious questions about the pace at which malicious actors are weaponising emerging technologies.
A Foiled Mass Exploitation Attempt
According to GTIG’s report, the unnamed threat actor intended to deploy the exploit in a mass exploitation event. Google’s proactive identification of the vulnerability may have prevented the attack from being carried out.
The targeted organisation was notified and subsequently patched the flaw. Google declined to identify either the target or the perpetrators, though the report noted that actors linked to China and North Korea have demonstrated significant interest in leveraging AI for offensive cyber operations.
AI’s Role: Both Threat and Defence
Google stated it does not believe its own Gemini models were involved in developing the exploit, but expressed “high confidence” that an AI model played a role in both identifying the vulnerability and constructing the weapon.
John Hultquist, chief analyst at GTIG, told The New York Times the discovery represented “a taste of what’s to come” and “the tip of the iceberg” — characterising this case as the first tangible evidence of AI-assisted cyberattacks of this nature.
Google’s report acknowledged that threat actors have been integrating AI across multiple stages of the cyberattack lifecycle, while also noting that “AI can be a powerful tool for defenders.”
Industry Mobilises on Defensive AI
Other technology firms are responding in kind. Anthropic last month unveiled Project Glasswing, an initiative deploying its Claude Mythos Preview model to identify and mitigate high-severity vulnerabilities before they can be exploited.
The episode underscores a broader and accelerating dynamic: as AI capabilities advance rapidly for commercial use, the same tools are being adapted with equal speed for malicious purposes — placing considerable pressure on both private security teams and public institutions to keep pace.