Google Reports First Known AI-Assisted Zero-Day Exploit in the Wild

Summary

Google's Threat Intelligence Group (GTIG) has detected what it believes to be the first confirmed zero-day vulnerability exploit code developed with the assistance of artificial intelligence. The attack targeted two-factor authentication mechanisms through the exploitation of software vulnerabilities. Google confirmed that its own Gemini AI model was not involved in the attack, validating long-standing security industry warnings that adversaries could weaponize AI's vulnerability-detection capabilities for malicious purposes.

The GTIG's "AI Threat Tracker Report" reveals a broader trend of state-sponsored and criminal threat actors leveraging AI across multiple attack vectors. North Korea-linked APT45 deployed AI to validate thousands of attack codes and build attack assets at scale, while a China-backed hacker group used agentic AI tools to conduct autonomous reconnaissance attacks against a Japanese technology company. According to GTIG chief analyst John Hultquist, the "vulnerability war driven by AI has already begun," with threat actors using AI to accelerate the speed, scale, and sophistication of attacks.

• The discovery confirms long-standing cybersecurity warnings that AI's vulnerability-finding abilities could be weaponized by malicious actors

Editorial Opinion

Google's discovery represents a watershed moment in cybersecurity—the theoretical threat of AI-powered attacks has now materialized in the wild. The involvement of sophisticated state-backed actors from North Korea and China suggests this is not an anomaly but the opening volley of a new era in cyber warfare. As AI capabilities continue to advance, defenders face an asymmetric challenge: secure systems require perfect defense everywhere, while attackers only need one exploit. The industry must urgently rethink defensive strategies for an era where adversaries have access to the same AI tools.