Google says AI-powered hacking has officially arrived
Google says hackers have used AI to discover and exploit a previously unknown software vulnerability for the first time.
Google says a long-feared cybersecurity milestone has now been crossed: hackers are officially using artificial intelligence to discover and weaponise previously unknown software vulnerabilities.
The warning came after the tech giant disrupted what it described as a planned “mass exploitation” campaign in which cybercriminals allegedly used AI to uncover and exploit a zero-day flaw inside a widely used system administration tool.
According to researchers, this marks the first known case where attackers successfully used AI to identify and operationalise an unknown vulnerability for a real-world cyberattack.
Google says the AI threat is here
John Hultquist, chief analyst at the Google Threat Intelligence Group, described the development as a turning point for cybersecurity.
“It’s here,” Hultquist said, referring to AI-driven exploitation. Investigators said the attackers discovered a flaw that allowed them to bypass two-factor authentication on a popular open-source administration platform before the operation was disrupted.
Researchers explained that the exploit qualified as a “zero-day” vulnerability because the software vendor had no prior knowledge of the flaw and therefore had zero days to prepare a fix before attackers attempted to use it.
How the attack reportedly worked
Google has not publicly identified either the targeted software or the hacking group involved. However, investigators said traces inside the attack scripts suggested the vulnerability discovery process had been assisted by a large language model.
Security researchers noted that the Python scripts used in the operation contained signs commonly associated with AI-generated outputs, including textbook-style formatting and even hallucinated cybersecurity scoring references.
The exploit reportedly targeted logic flaws inside a two-factor authentication system, allowing attackers to bypass standard identity verification safeguards. Investigators said the affected vendor was notified and the campaign was disrupted before any widespread compromise occurred.
AI is accelerating cyberattacks
The findings suggest cybercriminals are no longer merely experimenting with AI chatbots for coding help. Instead, many groups are increasingly integrating AI directly into attack workflows.
Sources indicate that threat actors are now using AI systems to identify vulnerabilities, generate malicious code, refine malware, and automate parts of cyber operations with minimal human oversight.
Researchers also noted that criminal groups and state-linked actors tied to countries such as China, Russia, and North Korea are already exploring AI-assisted hacking techniques. Experts warned that AI significantly reduces the time and expertise traditionally required to execute sophisticated cyberattacks.
The “industrial-scale” hacking concern
Google described the shift as part of a broader move toward industrial-scale AI-powered cybercrime. Researchers said AI enables hackers to test operations faster, discover vulnerabilities more efficiently, improve malware quality, and persist against targets more effectively than before.
Hultquist noted that cybercriminals, unlike intelligence agencies that often operate quietly over long periods, benefit heavily from AI’s speed advantages because ransomware and extortion attacks depend on rapid execution.
Security specialists increasingly fear that the time gap between discovering a vulnerability and exploiting it could shrink from months to minutes as AI systems become more capable.
Why Anthropic’s Mythos added to the panic
The warning arrives shortly after Anthropic declined to publicly release its cybersecurity-focused AI model Mythos due to concerns around its hacking capabilities.
According to multiple reports, Anthropic claimed Mythos was capable of identifying zero-day vulnerabilities across major operating systems and web browsers, prompting the startup to restrict deployment and coordinate with industry partners through an initiative called Project Glasswing.
The growing sophistication of frontier AI models has intensified debates around regulation, oversight, and controlled access to highly capable cybersecurity systems.
Governments are beginning to react
The incident is also drawing increasing government attention. Media reports reveal that the Trump administration recently signed agreements with several AI firms, including Google, Microsoft, and xAI, to evaluate powerful models before wider public deployment.
At the same time, policymakers remain divided over how aggressively governments should regulate AI systems capable of advanced cyber operations. Some experts argue that stronger oversight is now unavoidable because AI-assisted exploitation may soon outpace conventional defensive capabilities.
Anthrophic has a potent AI model on hand, but it isn’t ready to make it public yet
The next phase of AI security
Google stressed that the disrupted campaign may represent only the beginning of a larger transition in cyber warfare and cybercrime.
Researchers warned that AI is increasingly becoming an active operational component in attacks rather than merely a research assistant. That shift raises concerns not only about cybercrime, but also about state-backed cyber operations and attacks on critical infrastructure.