{"id":34865,"date":"2026-05-11T16:56:26","date_gmt":"2026-05-11T16:56:26","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/34865\/"},"modified":"2026-05-11T16:56:26","modified_gmt":"2026-05-11T16:56:26","slug":"google-says-it-disrupted-an-ai-driven-effort-to-exploit-a-software-bug","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/34865\/","title":{"rendered":"Google says it disrupted an AI-driven effort to exploit a software bug"},"content":{"rendered":"

Google said Monday that it had disrupted a criminal group\u2019s attempt to use artificial intelligence<\/a> to exploit another company\u2019s previously unknown digital vulnerability, adding to heightened worries across government and private industry about AI\u2019s risks for cybersecurity.<\/p>\n

Google shared limited information about the attackers and the target, but John Hultquist, chief analyst at the tech giant\u2019s threat intelligence arm, said it represents a moment cybersecurity experts have warned about for years: malicious hackers arming themselves with AI to supercharge their ability to break into the world\u2019s computers.<\/p>\n

\u201cIt\u2019s here,\u201d Hultquist said. \u201cThe era of AI-driven vulnerability and exploitation is already here.\u201d<\/p>\n

It comes at a time of leaps in AI\u2019s abilities to find vulnerabilities, including the Mythos model announced a month ago by Anthropic<\/a>. Among those trying to bolster their defenses is President Donald Trump\u2019s White House<\/a>, which has shifted its approach in how it plans to vet the most powerful AI models before their public release. <\/p>\n

After following through with a campaign promise to repeal Democratic President Joe Biden\u2019s guardrails<\/a> around the fast-developing technology, the Republican administration and its allies are now sending mixed signals about the government playing a larger role in AI oversight.<\/p>\n

\u201cSome people don\u2019t want there to be a regulatory response to this and others do,\u201d said Dean Ball, a senior fellow at the Foundation for American Innovation who was previously a White House tech policy adviser and a lead author of Trump\u2019s AI policy roadmap last year.<\/p>\n

\u201cI don\u2019t like regulation,\u201d Ball said. \u201cI would prefer for things not to be regulated. But I think we need to in this case.\u201d<\/p>\n

Google says it found evidence of AI helping in cyberattack<\/p>\n

Google said it observed a group of prominent \u201cthreat actors\u201d planning a big operation relying on a bug they had found. The vulnerability allowed them to bypass two-factor authentication to access a popular online system administration tool, which Google declined to name. <\/p>\n

The company called it a zero-day exploit, a cyberattack that takes advantage of a previously unknown security vulnerability. \u201cZero-day\u201d refers to the fact that the security engineers have had zero days to develop a fix for the vulnerability.<\/p>\n

Google said it notified the affected company and law enforcement and was able to disrupt the operation before it caused any damage. But as it traced the hackers\u2019 footprints, it found evidence they had used an AI large language model \u2014 the same technology that powers popular chatbots \u2014 to discover the vulnerability.<\/p>\n

Google didn\u2019t reveal which AI model was used in the cyberattack, only that it was most likely not Google\u2019s own Gemini or Anthropic\u2019s Claude Mythos. Google also didn\u2019t reveal which group it suspected in the attack but said there was no evidence it was tied to an adversarial government, though the company said groups tied to China and North Korea have been exploring similar techniques.<\/p>\n

Hultquist said that compared with government spies who typically work slowly and quietly, criminal hackers have some of the most to gain from AI\u2019s \u201ctremendous capability for speed\u201d in finding and weaponizing security bugs.<\/p>\n

\u201cThere\u2019s a race between you and them to stop them before they can essentially get whatever data they need to extort you with, or launch ransomware,\u201d he said in an interview. \u201cAI is going to be a huge advantage because they can move a lot faster.\u201d<\/p>\n

Anthropic\u2019s Mythos has sparked a panic and call for regulation<\/p>\n

Trump\u2019s Commerce Department announced last week that it signed new agreements with Google, Microsoft and Elon Musk\u2019s xAI to evaluate their most powerful AI models before their public release, building on previous agreements the Biden administration made with Anthropic and ChatGPT maker OpenAI<\/a>. But the announcement later disappeared from the Commerce Department website.<\/p>\n

It was the latest example of jumbled signals from the Trump administration in the month since Anthropic announced a new model it called Mythos that it said was so \u201cstrikingly capable\u201d at hacking and cybersecurity work that it could only release it to a small group of trusted organizations.<\/p>\n

Anthropic created an initiative called Project Glasswing bringing together tech giants including Amazon, Apple, Google and Microsoft, along with other companies like JPMorgan Chase, in hopes of securing the world\u2019s critical software from \u201csevere\u201d fallout that the new model could pose to public safety, national security and the economy. But its relationship with the U.S. government<\/a> was complicated by a public and legal fight with the Pentagon and Trump himself over military use of<\/a> its AI technology.<\/p>\n

Its top rival, OpenAI, has since introduced a similar model. The company said Friday it was releasing a specialized cybersecurity version of ChatGPT that would only be available to \u201cdefenders responsible for securing critical infrastructure\u201d to help them find and patch vulnerabilities in their code.<\/p>\n

Ball said he\u2019s optimistic that, over the long term, AI tools that are increasingly good at coding will make us safer from the routine cyberattacks afflicting hospitals, schools and other organizations. In the meantime, however, he said there are \u201cuntold trillions of lines of software code\u201d supporting the world\u2019s computing systems that are at risk if AI tools are unleashed to exploit all of their bugs.<\/p>\n

It could take years to harden all of that software \u2014 a process that Ball believes would be aided by coordination from the U.S. government. <\/p>\n

In the meantime, Ball predicts a \u201ctransitional period\u201d where cybersecurity risks rise significantly and \u201cthe world might actually be more dangerous.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"Google said Monday that it had disrupted a criminal group\u2019s attempt to use artificial intelligence to exploit another…\n","protected":false},"author":2,"featured_media":22368,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[24,1483,1479,25,309,970,387,2213,6028,625,140,1477,132,1429,315,829,7508,16981,22129,146,2680,134,1481,1476],"class_list":{"0":"post-34865","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-google","8":"tag-ai","9":"tag-alphabet","10":"tag-anthropic-pbc","11":"tag-artificial-intelligence","12":"tag-business","13":"tag-california","14":"tag-china","15":"tag-claude-mythos","16":"tag-dean-ball","17":"tag-donald-trump","18":"tag-elon-musk","19":"tag-general-news","20":"tag-google","21":"tag-google-ai","22":"tag-hacking","23":"tag-inc","24":"tag-information-security","25":"tag-joe-biden","26":"tag-john-hultquist","27":"tag-microsoft-corp","28":"tag-openai-inc","29":"tag-technology","30":"tag-u-s-news","31":"tag-united-states-government"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/34865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=34865"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/34865\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/22368"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=34865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=34865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=34865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}