Security researchers have warned for years that AI would eventually help hackers discover software flaws nobody knew about. That's not a warning anymore.

On Monday, Google's Threat Intelligence Group disclosed what it says is the first evidence of hackers using AI to develop a zero-day exploit. A zero-day is a vulnerability in software so new that even the company that built it doesn't know it exists, which makes it extremely valuable to attackers. Google intercepted this one before it could be deployed at scale.

The exploit was a Python script designed to bypass two-factor authentication on a popular web administration tool. It was written with the kind of clean, instructional formatting AI is known for: built-in help menus, educational comments throughout, and a security severity score that doesn't actually exist, likely hallucinated by the model that generated the code. Actual hackers don't usually write user guides for their exploits.

These weren't amateurs, either. Google said the threat actor had a "strong record of high-profile incidents and mass exploitation," and that a prominent criminal group had planned the attack.

John Hultquist, chief analyst at Google's Threat Intelligence Group, told CyberScoop the find is "probably the tip of the iceberg" and added that there are probably several other AI-developed zero-days in play now.

Google's broader report shows this isn't just one criminal group. State-sponsored hackers are bringing AI into their operations across the board:

+ North Korea: Actors have been sending automated, repetitive prompts to AI models to validate exploits at a scale that would be "impractical to manage without AI."

+ China: Groups have been fine-tuning AI models using a database of over 85,000 real-world vulnerability cases from a Chinese bug bounty platform.

+ Russia: Hackers are using AI-generated junk code to disguise malware, with one sample padding itself with 32 meaningless system queries just to look harmless.

The defensive response has been fast. OpenAI launched Daybreak, a cybersecurity platform giving defenders access to frontier AI for threat detection. Anthropic introduced Project Glasswing, which puts its Mythos model to work scanning open-source software for hidden flaws before attackers find them. Elia Zaitsev, CTO of CrowdStrike, said the window between a vulnerability being discovered and being exploited has "collapsed" from months to minutes.

Whether these defensive tools are as good as advertised is another question. Daniel Stenberg, lead developer of Curl (one of the most widely used pieces of open-source software on the planet), participated in Anthropic's Glasswing program and received five "confirmed security vulnerabilities." After he reviewed them, only one turned out to be a legitimate unknown issue. He called Mythos "an amazingly successful marketing stunt."

In the Valley

Google intercepted this zero-day, but Hultquist's "tip of the iceberg" comment is probably the most honest assessment anyone gave this week. AI doesn't just help skilled hackers work faster. It lets amateurs punch way above their weight, which means the volume of sophisticated attacks is about to spike in a way the industry hasn't seen before. The cybersecurity companies selling the fix are now powered by the same AI that created the problem, and in that kind of arms race, offense only needs to be right once.