Google reports its first discovery of a zero-day exploit made with AI help
Google says threat actors likely used AI tools to identify and develop a zero-day exploit, marking what it describes as the first known case of its kind
 "Google reports its first discovery of a zero-day exploit made with AI help")
Following Anthropic’s footsteps, artificial intelligence company OpenAI unveiled Daybreak, its frontier AI model designed specifically for cybersecurity. While the pitch is similar – AI can help defenders reason across codebases, identify subtle vulnerabilities, validate fixes, analyse unfamiliar systems, and move from discovery to remediation faster – there has also been an underlying concern that the same capabilities could be misused.
Until now, there had been no clear indication that frontier AI models were being used to actively develop exploits. But Google has now reported what it describes as its first-ever discovery of AI being used to help create a zero-day exploit for a cyberattack.
According to Google’s Threat Intelligence Group (GTIG), the company identified a threat actor using an exploit that it believes was created with the help of AI tools and was likely intended for a large-scale hacking campaign.
What Google said about the AI-based exploit
In its report, Google said it has high confidence that an AI model was used to identify the software flaw and help turn it into a working exploit. However, the company clarified that it does not believe its Gemini AI models were involved.
Google stated that, based on the structure and content of the exploit, it believes the attackers likely used an AI model during the discovery and development process of the vulnerability. Google did not disclose the name of the affected company or the cybercriminal group behind the exploit. However, the report noted that threat actors associated with China and North Korea have shown growing interest in using AI tools to exploit software vulnerabilities.
Google said it informed the targeted organisation after discovering the flaw, allowing the company to fix the issue before it could be used in a broader cyberattack.
What is a zero-day exploit
A zero-day exploit is a cyberattack that takes advantage of a hidden or previously unknown security flaw in software, hardware, or firmware. Since the vulnerability is unknown, the company behind the software has “zero days” to fix the issue before attackers can start exploiting it.
These attacks are considered especially dangerous because users and organisations often have no warning before systems are targeted. Even if the vulnerability becomes public, it can still take time for software providers to release a patch, leaving systems exposed in the meantime.
Cybercriminals can use zero-day exploits to steal data, install malware, spy on users, or damage systems.
Experts warn this could be the beginning
John Hultquist, chief analyst at Google’s Threat Intelligence Group, described the incident as “a taste of what’s to come” and “the tip of the iceberg” in an interview with The New York Times. He reportedly said the case represents the first clear evidence of AI being used in attacks of this kind.
Google also noted in its report that cybercriminals are increasingly using AI during different stages of cyberattacks, although the company added that AI can also help security teams detect and prevent threats. At the same time, technology companies are increasingly positioning AI as a cybersecurity defence tool.