Google warns of first AI-assisted zero-day cyber exploit discovery

Google has revealed what it describes as the first confirmed case of a cybercriminal operation using artificial intelligence to help develop a zero-day exploit. The company said the discovery marks a significant moment in the growing use of AI within cybercrime activity and may signal a wider shift in how future attacks are carried out.

The finding was detailed in a report published by Google’s Threat Intelligence Group (GTIG), which monitors global cyber threats and digital espionage campaigns. According to the company, investigators uncovered evidence suggesting that an AI model was involved in identifying a software vulnerability and helping attackers create an exploit before the flaw became publicly known.

Zero-day vulnerabilities are among the most serious cybersecurity threats because software developers and users are unaware of the flaws until they are exploited or discovered. This leaves organisations with no time to prepare defences or release security updates before an attack begins.

Google says the attack may have been prevented

In its report, Google said the threat actor appeared to be preparing for what it described as a “mass exploitation event”. However, the company believes its early detection efforts may have stopped the exploit from being used in a large-scale attack.

GTIG did not identify the affected organisation or disclose technical details about the vulnerability. Google confirmed that it informed the unnamed company responsible for the software, allowing the issue to be patched before any known widespread exploitation occurred.

The company also avoided naming the cybercriminal group behind the operation. However, the report noted that groups linked to China and North Korea have shown increasing interest in using AI tools to support cyber operations, particularly in the discovery and exploitation of security weaknesses.

Google stated that it does not believe its Gemini AI models were involved in the incident. Despite that, the company said it has “high confidence” that an AI system played a role in both identifying the vulnerability and helping create the exploit code used in the attempted attack.

The report did not explain which AI platform or model was used. Security experts have long warned that rapidly improving AI systems could eventually lower the technical barriers for cybercriminals by automating complex tasks that previously required advanced expertise.

Security experts warn of wider risks

The discovery has intensified concerns over the misuse of artificial intelligence in cybersecurity threats. While AI has become widely adopted in business, education and consumer applications, experts have repeatedly cautioned that the same technology can also be adapted for malicious purposes.

John Hultquist, chief analyst at GTIG, described the incident as an early warning sign of a much larger issue. Speaking to The New York Times, he said the case represented “a taste of what’s to come” and “the tip of the iceberg”.

Hultquist added that the incident provided the first “tangible evidence” that AI-assisted cyberattacks are moving from theory into real-world operations. His comments reflect growing concern within the cybersecurity industry that AI could accelerate both the speed and scale of future digital threats.

Cybersecurity researchers have already observed threat actors using AI in other stages of cybercrime, including phishing campaigns, social engineering and malware development. Generative AI systems are capable of producing convincing text, analysing code and automating repetitive tasks, making them attractive tools for attackers seeking greater efficiency.

Despite these concerns, technology companies continue to argue that AI can also strengthen cyber defences. Google said in its report that artificial intelligence is becoming an increasingly important tool for both defenders and attackers, particularly for identifying vulnerabilities and responding to threats more quickly.

The company suggested that advanced AI systems may eventually help security teams detect weaknesses before criminals can exploit them. However, researchers acknowledged that the technology is likely to create an ongoing race between offensive and defensive cyber capabilities.

Tech firms invest in AI-powered cyber defence

Major technology companies have increasingly invested in AI-driven cybersecurity initiatives as threats become more sophisticated. Many firms now use machine learning systems to monitor networks, detect unusual behaviour and identify potential vulnerabilities before they can be exploited.

Google’s latest findings arrive amid broader industry efforts to develop AI systems focused specifically on security research and threat prevention. The company has continued expanding its own cybersecurity operations alongside the development of its Gemini AI platform.

Other AI developers are also moving into the cybersecurity sector. In April, Anthropic announced Project Glasswing, an initiative designed to use its Claude Mythos Preview model to identify and defend against what it described as “high-severity vulnerabilities”.

The project reflects a wider trend among AI companies seeking to position their technology as part of the solution to emerging digital threats. Industry analysts believe demand for AI-powered cyber defence tools will likely increase as businesses face increasingly advanced attacks.

At the same time, experts warn that governments and private organisations may need stronger regulations and safeguards to manage the risks associated with AI-enabled cybercrime. Concerns have grown about how easily advanced AI systems could be adapted for malicious purposes if proper controls are not put in place.

While the recent case did not result in a known attack, researchers believe it may mark an important turning point in cybersecurity. The discovery suggests that AI-assisted exploit development is no longer a theoretical concern but an emerging reality that security teams around the world may soon have to confront more regularly.