{"id":34794,"date":"2026-05-11T15:51:09","date_gmt":"2026-05-11T15:51:09","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/34794\/"},"modified":"2026-05-11T15:51:09","modified_gmt":"2026-05-11T15:51:09","slug":"google-finds-first-ai-assisted-zero-day-cyberattack","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/34794\/","title":{"rendered":"Google Finds First AI-Assisted Zero Day Cyberattack"},"content":{"rendered":"<p>Google says cybercriminals have now crossed a major line in cybersecurity after detecting what it believes is the first known AI-assisted zero day cyberattack.<\/p>\n<p>Quick Summary \u2013 TLDR:<\/p>\n<p>Google detected a zero day exploit likely developed with AI assistance.<\/p>\n<p>The attack targeted a popular open source administration tool.<\/p>\n<p>The exploit could bypass two factor authentication.<\/p>\n<p>Researchers say this may only be the beginning of AI powered cyberattacks.<\/p>\n<p>What Happened?<\/p>\n<p>Google\u2019s Threat Intelligence Group and Mandiant researchers revealed that a criminal hacking group likely used an artificial intelligence model to discover and weaponize a previously unknown software vulnerability.<\/p>\n<p>The exploit was designed to bypass two factor authentication in a popular open source web based system administration platform. 
Google says it worked with the software vendor quickly enough to patch the flaw before attackers could launch a large scale campaign.<\/p>\n<p lang=\"en\" dir=\"ltr\">New: Google researchers say a cybercrime group used AI to create a zero-day tool designed to bypass two-factor authentication, the first such case caught by Google\u2019s Threat Intelligence Group.<\/p>\n<p>Source: Bloomberg <a href=\"https:\/\/t.co\/oH4tX9a9XN\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" aria-label=\"pic.twitter.com\/oH4tX9a9XN (opens in new window)\">pic.twitter.com\/oH4tX9a9XN<\/a><\/p>\n<p>\u2014 SolanaFloor (@SolanaFloor) <a href=\"https:\/\/twitter.com\/SolanaFloor\/status\/2053835001146597803?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" aria-label=\"May 11, 2026 (opens in new window)\">May 11, 2026<\/a> <\/p>\n<p>Google Says AI Is Now Helping Hackers Find Vulnerabilities<\/p>\n<p>For years, cybersecurity experts warned that AI could eventually help hackers discover hidden flaws in software faster than humans. Until now, there had been little public evidence of that happening in real world attacks.<\/p>\n<p>Google now says that has changed.<\/p>\n<p>According to the company, researchers found strong indicators that the exploit code was generated with the help of an AI model. The company clarified that it does not believe its own <a href=\"https:\/\/sqmagazine.co.uk\/google-gemini-ai-statistics\/\" type=\"post\" id=\"8087\" rel=\"nofollow noopener\" target=\"_blank\">Gemini chatbot<\/a> was involved.<\/p>\n<p>Google explained that the malicious Python script contained several signs commonly associated with AI generated code. This included unusually detailed educational comments, structured formatting, clean help menus, and even a hallucinated CVSS security score that did not actually exist.<\/p>\n<p>\u201cWe have high confidence that the actor likely leveraged an A.I. 
model to support the discovery and weaponization of this vulnerability,\u201d Google said in its report.<\/p>\n<p>Security researchers believe these clues are among the clearest evidence yet that AI is moving from being a support tool for hackers to becoming an active part of <a href=\"https:\/\/sqmagazine.co.uk\/cybersecurity-attacks-statistics\/\" type=\"post\" id=\"6913\" rel=\"nofollow noopener\" target=\"_blank\">cyberattack development<\/a>.<\/p>\n<p>The Attack Could Have Triggered Mass Exploitation<\/p>\n<p>The zero day vulnerability reportedly allowed attackers to bypass authentication protections, although hackers still needed valid usernames and passwords to gain access.<\/p>\n<p>Google did not reveal the name of the affected software tool or identify the cybercrime group behind the operation. However, the company said the attackers appeared to be preparing for a widespread exploitation campaign before researchers intervened.<\/p>\n<p>John Hultquist, chief analyst at Google Threat Intelligence Group, described the discovery as an early warning sign for the <a href=\"https:\/\/sqmagazine.co.uk\/cybersecurity-statistics\/\" type=\"post\" id=\"7537\" rel=\"nofollow noopener\" target=\"_blank\">cybersecurity industry<\/a>.<\/p>\n<p>Hultquist said:<\/p>\n<p class=\"blockquote-text\">\u201cIt\u2019s a taste of what\u2019s to come. We believe this is the tip of the iceberg.\u201d<\/p>\n<p>John Hultquist, Chief Analyst \u2013 Google Threat Intelligence Group<\/p>\n<p>The report also noted that modern AI systems are becoming especially good at finding high level logic flaws that traditional security scanners often miss. 
Instead of searching for common coding mistakes, AI models can increasingly understand developer intent and identify security contradictions hidden deep inside software logic.<\/p>\n<p>China and North Korea Linked Groups Expanding AI Use<\/p>\n<p>Google\u2019s wider report also revealed that state sponsored hacking groups from China and North Korea are rapidly increasing their use of <a href=\"https:\/\/sqmagazine.co.uk\/ai-tools-usage-statistics\/\" type=\"post\" id=\"9359\" rel=\"nofollow noopener\" target=\"_blank\">AI tools<\/a>.<\/p>\n<p>Chinese linked threat actors reportedly used advanced agentic frameworks such as Strix and Hexstrike during attacks on Japanese technology companies and cybersecurity organizations.<\/p>\n<p>Another Chinese group known as UNC2814 used persona based <a href=\"https:\/\/sqmagazine.co.uk\/ai-jailbreaking-statistics\/\" type=\"post\" id=\"21120\" rel=\"nofollow noopener\" target=\"_blank\">jailbreak prompts<\/a> to make AI models behave like senior security auditors while researching vulnerabilities in embedded systems and TP Link firmware.<\/p>\n<p>Meanwhile, North Korean hacking group APT45 reportedly sent thousands of automated prompts to analyze CVEs and validate proof of concept exploits at scale.<\/p>\n<p>Google says AI is helping threat actors automate research, malware development, phishing operations, obfuscation techniques, and even autonomous malware behavior.<\/p>\n<p>AI Is Becoming Both a Weapon and a Target<\/p>\n<p>The report also highlighted growing attacks on AI ecosystems themselves. 
Researchers observed hackers targeting AI supply chains, developer tools, open source AI components, and API infrastructure to gain broader network access.<\/p>\n<p>At the same time, Google says it is also using AI defensively. The company highlighted projects such as Big Sleep, an AI agent designed to discover software vulnerabilities, and CodeMender, which aims to automatically patch insecure code.<\/p>\n<p>Many experts believe AI could eventually improve cybersecurity by helping developers write safer software. But they also warn that the short term risks are growing rapidly as attackers gain access to increasingly capable AI systems.<\/p>\n<p>SQ Magazine Takeaway<\/p>\n<p>I think this is the moment the cybersecurity industry has been quietly expecting for years. AI is no longer just helping hackers write phishing emails or automate simple tasks. It is now being used to discover serious software vulnerabilities that even experienced researchers can miss.<\/p>\n<p>What stands out here is not just the exploit itself, but how quickly this technology is evolving. If criminal groups are already experimenting with AI generated zero day attacks today, the next few years could completely reshape digital security. 
Companies that still treat AI threats as theoretical problems are going to fall behind very quickly.<\/p>\n","protected":false},"excerpt":{"rendered":"Google says cybercriminals have now crossed a major line in cybersecurity after detecting what it believes is the&hellip;\n","protected":false},"author":2,"featured_media":34795,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[24,53,2408,132,1429,22149,66,22074],"class_list":{"0":"post-34794","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-google","8":"tag-ai","9":"tag-anthropic","10":"tag-gemini","11":"tag-google","12":"tag-google-ai","13":"tag-mandiant","14":"tag-news","15":"tag-zero-day-exploit"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/34794","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=34794"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/34794\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/34795"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=34794"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=34794"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=34794"}],"curie
s":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}