Google's TIG reports the first known example of hackers using AI to discover and weaponize a zero-day; TIG's chief analyst says “this is the tip of the iceberg”
The company said that it had identified, for the first time, hackers using artificial intelligence to discover an unknown bug.
New York Times Dustin Volz
Related Coverage
- GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access Google Cloud Blog
- Google announces its first-ever discovery of a zero-day exploit made with AI Engadget · Jackson Chen
- Google says hackers used AI to develop a major security flaw Politico · Maggie Miller
- Google disrupts hackers using AI to exploit an unknown weakness in a company's digital defense Associated Press · Matt O'Brien
- Google stopped a zero-day hack that it says was developed with AI The Verge · Stevie Bonifield
- Japan Steps Up Defense Against Advanced AI, Including Mythos MarketWatch · Megumi Fujikawa
- Google spotted an AI-developed zero-day before attackers could use it CyberScoop · Matt Kapko
- Read our new report on AI-powered threats and our latest defenses. The Keyword
- Hackers Are Now Using AI to Create Zero-Day Exploits SammyGuru · Binay Konwar
- Google Discovers First AI-Made Zero-Day Exploit, Claims It Was Not Made With Gemini Tech Times · Isaiah Richard
- Hackers used AI to build a working cyberattack for the first time Phandroid · Tyler Lee
- N. Korean hackers using AI to find cybersecurity blind spots, Google says The Korea Herald
- Hackers Observed Using AI to Develop Zero-Day for the First Time Infosecurity · Danny Palmer
- Google spots AI-assisted ‘zero-day’ cyberattack Semafor · J.D. Capelouto
- Google says AI is being abused at industrial scale for cyberattacks, and it just thwarted one Digital Trends · Manisha Priyadarshini
- Google Detects First AI-Powered Zero-Day Attack as North Korea Joins AI Hacking Race Seoul Economic Daily · Kim Tae-young
- AI Threat Tracking Report: “First AI-Driven Zero-Day Attack Detected” The Asia Business Daily · Lee Eunseo
- Google Alarmed by Formidable AI-Powered Zero-Day Cyberattack Futurism · Frank Landymore
- Google Makes Bombshell Claim That Hackers Used AI to Create Zero-Day Flaw in Their System International Business Times · Matias Civita
- The Singularity Moment: First AI-Generated Zero-Day Confirmed in Wild Lyrie Research
- Watchdog Says Google Alert Over ‘Zero-Day’ Cyber Attack Proves Better AI Oversight Is Urgently Needed Common Dreams · Brad Reed
- Google says hackers used AI to exploit ‘zero-day’ flaw UPI · Joe Fisher
- Google Spots Hackers Using AI To Find Zero-Day Flaw For Mass Explotation PCMag · Michael Kan
- Google Warns AI-Powered Hackers Are Bypassing 2FA Security Coin Edition
- AI Has Entered the Zero-Day Race. Google Found the First Trace. Implicator.ai · Marcus Schuler
- Google Finds First Evidence of AI ‘Zero-Day’ Cyberattack Newser · Rob Quinn
- Google says criminal hackers used AI to find a major software flaw Hacker News
- Google warns hackers are using AI to build zero-day exploit for planned mass cyberattack Crypto Briefing · Vivian Nguyen
- Hackers Targeting Your Crypto Just Got An AI Upgrade — Google's Report Is A Wake-Up Call Bitcoinist.com · James Halver
- Google flags first AI-assisted zero-day attack targeting 2FA crypto.news · Olivia Stephanie
- AI-assisted hacking is already here, Google warns Axios · Sam Sabin
- Google says criminals used AI-built zero-day in planned mass hack spree The Register
- Google just blocked a zero-day exploit made with AI Android Authority · Shimul Sood
- ‘This is the tip of the iceberg’: Google experts say they have seen hackers using AI to discover and weaponize a zero-day for the first time TechRadar · Benedict Collins
- Google: Hackers used AI to develop zero-day exploit for web admin tool BleepingComputer · Bill Toulas
Discussion
-
@johnhultquist
John Hultquist
on x
I'm sure people will want more details on this specific incident, and we have good reasons for not sharing all of the data, but I'd challenge you to focus on the bigger picture. If criminals are doing it, then state actors with significant resources probably are too. 4/x
-
@johnhultquist
John Hultquist
on x
Google Threat Intelligence Group is dropping our latest AI Threat Tracker report today, which covers several threats we are watching through a variety of means. The report includes some details of the first 0day exploit we've found developed with AI. 1/x https://cloud.google.com/…
-
@stvemillertime
@stvemillertime
on x
Our regular reporting on AI threats is a landscape view, a pulse check on how adversaries are using and attacking AI. There are examples, but try not to get fixated on the specifics and instead look at the macro trends. Baddies love AI, as both a weapon and a target.
-
@jamieantisocial
J⩜⃝mie Williams
on x
well-orchestrated ai will certainly scale + speed things up...but don't let stories hyping the “tip of the spear”™️ move your focus away from mastering 🅻🅴 🅱🅰🆂🅸🅲🆂. [image]
-
@dinodaizovi
Dino A. Dai Zovi
on x
Aside from the sizzle of threat actors using AI to discover and exploit vulnerabilities, here is the substance that I'm most worried about longer term: [screenshot: “Beyond basic chat interfaces, we see a sophisticated shift toward agentic workflows where adversaries operationali…
-
@kevinbankston
Kevin Bankston
on x
the endless race between defender and attacker is exponentially accelerating
-
@zeffmax
Max Zeff
on x
it's crazy how much claude mythos has spooked DC, and perhaps changed the course of American AI regulation. there's been some speculation that mythos was released in a limited way because of Anthropic's compute constraints. If that's the case (frankly, I can't say one way or ano…
-
@thehackersnews
@thehackersnews
on x
The AI-generated script had clear signs it was made with an LLM: • Lots of detailed explanations and comments • A made-up CVSS score • Professional-looking help menus and colors The flaw was a simple logic mistake in the software's code — a “trust assumption” that shouldn't
-
@mikeisaac
Rat King
on x
v funny that google's security peeps are like “hey, HEY. mythos isn't the only game in town. look at dis shit” [image]
-
@johnhultquist
John Hultquist
on x
Each new generation of models will reduce the need for expert-developed harnesses, but they are almost certainly out there. We have to recognize the limits of our visibility into the backend of spies and criminals. The signs won't be obvious. The race has started already. 5/x
-
@johnhultquist
John Hultquist
on x
What's more, I think most of us are surprised we have not found more evidence. We believe this is the tip of the iceberg. Other AI-developed 0days are probably out there. At Google, BigSleep was a wake up call (2 years ago), but the threat grew with each generation of model. 3/x
-
@johnhultquist
John Hultquist
on x
A criminal threat actor was planning to use the 0day exploit, which has artifacts of AI development, in a mass exploitation event before it was patched. Frankly, the details of this event are not as important as the evidence that the era of adversary use is here. 2/x
-
Francis deSouza
Francis deSouza
on linkedin
The AI cybersecurity race is here. Today, the Google Threat Intelligence Group released our latest AI Threat Tracker. …
-
@rustybrick.com
Barry Schwartz
on bluesky
AI will expedite hacking in ways we have never seen before [embedded post]
-
Ramya Chitrakar
Ramya Chitrakar
on linkedin
The AI cybersecurity race isn't coming—it's already here. — Today, the Threat Intelligence Group (GTIG) released our latest AI Threat Tracker …