Google warns AI-powered cyberattacks have entered a dangerous new phase

Google has issued an urgent warning that cybercriminals are now using artificial intelligence to discover and develop zero-day exploits, marking what security researchers say could be a major escalation in the global cyber threat landscape.

In a new report, Google’s Threat Intelligence Group said it had identified a threat actor using a zero-day exploit that the company believes was developed with AI. Google said the exploit was intended for a mass vulnerability exploitation operation, but was disrupted before it could be deployed at scale.

The attack targeted a popular open-source, web-based system administration tool and involved a Python script designed to bypass two-factor authentication. According to Google, the exploit required valid user credentials, but abused a logic flaw based on a hardcoded trust assumption, a type of weakness that advanced AI systems may be increasingly capable of detecting.

The warning is alarming because zero-day vulnerabilities are among the most dangerous flaws in cybersecurity. They are unknown to the software maker before discovery, meaning there may be no patch available when attackers begin exploiting them. If AI can help criminals find and weaponise these weaknesses faster, defenders could have far less time to respond.

Google said its analysis found signs that AI had likely been used in the exploit’s development, including repetitive prompting patterns, unusually structured code, educational-style documentation and a hallucinated CVSS severity score. The company did not name the AI model allegedly used in the campaign, and reports note there is no indication that Google’s Gemini model was used to create the zero-day.

The incident points to a disturbing shift. Cybercriminals no longer need to rely only on stolen credentials, phishing kits or known vulnerabilities. With AI assistance, attackers may be able to analyse code, identify hidden logic flaws, generate exploit scripts and prepare attacks at a scale that would previously have required far more human expertise.

Google warned that threat actors are already using AI across multiple stages of cyber operations, from vulnerability research and exploit development to malware enhancement, social engineering and operational automation. Reuters reported that Google believes hackers are moving beyond experimentation and toward more innovative AI-enabled hacking operations.

The implications are severe for businesses, governments and ordinary users. A mass exploitation event against a widely used administration tool could give attackers a path into corporate networks, cloud systems, websites, servers or managed infrastructure. Even when an attack begins with valid credentials, the ability to bypass two-factor authentication can turn one compromised login into a much larger breach.

The timing is especially concerning as major technology companies and cybersecurity agencies are already warning that AI is compressing the time between vulnerability discovery and exploitation. What once took skilled attackers weeks or months may soon be achievable in days, hours or less.

Security researchers have also warned that AI-generated attacks may be harder to identify and easier to scale. Automated systems can generate variants, test payloads, rewrite code and refine social engineering attempts faster than traditional human-led operations. That could make future attacks more persistent, more targeted and more difficult to defend against.

For organisations, the message is blunt: old assumptions about cyber defence are no longer enough. Multi-factor authentication remains essential, but it must be paired with stronger controls, better monitoring, faster patching, least-privilege access and staff who understand how modern threats work.

For individuals, the lesson is just as serious. AI-powered phishing, fake login pages, credential theft and account takeover attempts are likely to become more convincing. People should treat unexpected login prompts, urgent security messages, unfamiliar links and requests for credentials with extreme caution.

Google’s warning should be seen as a line in the sand. AI is no longer just helping defenders find weaknesses. It is also giving attackers new ways to discover and weaponise them.

As cyber threats become faster, smarter and more automated, stronger defence begins with better understanding. Knowledge is power. Upskill your cybersecurity awareness and learn how to recognise modern threats with The Hack Academy’s online courses: https://training.thehackacademy.com/course/

Photo Credit: DepositPhotos.com