for the first time in my life

In a historic escalation of AI-driven cyberwarfare, cybercriminals have successfully used artificial intelligence to identify and weaponize previously unknown software vulnerabilities for the first time, according to a major alert issued by Google’s Threat Intelligence Group (GTIG).

This incident was revealed in the latest information from Google AI Threat Tracker Report The incident, published on May 11, is believed to be the first confirmed case of threat actors using AI not only to aid in coding and phishing operations, but also to actively discover and operate on true zero-day vulnerabilities that can bypass two-factor authentication protections.

The discovery marks a turning point for the global security industry, which has spent years warning that generative AI would eventually allow hackers to automate some of the most technically difficult aspects of cyberattacks.

This changes the threat landscape significantly. The concern was not whether AI would be used offensively, but when AI would cross the line and autonomous exploits would be developed.

According to GTIG, several “prominent” cybercriminals worked together to plan a large-scale exploitation campaign targeting a widely used open source web-based systems management platform.

Investigators believe the attackers used AI models to identify previously undiscovered vulnerabilities and developed malicious code designed to exploit them.

The flaw could have allowed attackers to bypass two-factor authentication (2FA), one of the most widely adopted cybersecurity protections to protect online accounts and corporate systems.

Google said it worked with affected software vendors to fix the vulnerabilities and disrupt operations before the exploit could be deployed at scale.

“This is the first evidence we have observed that threat actors are leveraging AI to help discover and weaponize zero-day vulnerabilities,” Google researchers wrote.

The company also emphasized that neither Google Gemini nor Anthropic’s Mythos AI system was used in this operation.

Forensic analysis of the exploit strongly suggests that the malicious code was either generated or heavily assisted by an extensive language model.

The Python-based exploit script reportedly contained several characteristics associated with AI-generated programming output, including unusually formal educational-style document strings, highly structured formatting, and coding conventions commonly found in LLM training data.

One of the clearest indicators is the inclusion of fabricated CVSS vulnerability severity scores (obviously an AI-generated illusion).

Cybersecurity researchers increasingly consider hallucinatory references, fake quotes, and fabricated technical metadata to be among the strongest indicators of generative AI involvement.

This exploit looked sophisticated in some places and artificial in others. This combination is becoming a hallmark of AI-assisted malware development.

Zero-day vulnerabilities are one of the most dangerous tools in cyber operations because the software vendor is unaware of the flaw and there is no patch available when the attack is launched.

Such exploits are highly valuable in underground markets and are often used by elite state-sponsored hacker groups to infiltrate governments, businesses, and critical infrastructure.

Until now, discovering and weaponizing zero-day vulnerabilities required advanced expertise in reverse engineering, software analysis, and exploit development. Only a small number of professionals around the world possess these skills.

Introducing AI into that process could dramatically lower the barrier to entry for advanced cyberattacks.

Generative AI systems could increasingly automate much of vulnerability research, allowing cybercrime groups to discover flaws faster and at scale than ever before.

John Hultquist, principal analyst at GTIG, warned that the industry may already be experiencing only a fraction of the AI-powered exploitation activity around the world.

“There’s a misconception that an AI vulnerability race is imminent, when in reality it’s already begun,” Hultquist said. “For every zero-day that can be traced back to AI, there will probably be many more.”

The comments reflect growing concern within the intelligence and cybersecurity communities that offensive AI capabilities are advancing faster than public awareness and defensive technologies.

Researchers have repeatedly warned that the speed of AI development is outpacing the ability of governments and companies to regulate and secure its use.

The GTIG report also detailed how state-sponsored hacker groups are actively experimenting with artificial intelligence techniques.

Google said cyber operations related to China and North Korea have shown “significant interest” in using AI for vulnerability discovery, operational planning, and offensive cyber research.

Western intelligence agencies have previously warned that governments are investing heavily in AI-powered cyber capabilities as part of a broader digital warfare strategy.

AI could ultimately help:

• Automated exploit detection
• Malware development
• target reconnaissance
• Credential Theft Operation
• social engineering attack
• Persistence mechanism
• Bypassing antivirus systems

Automating even some of these activities could allow state actors to conduct larger, more sustained cyber campaigns with fewer personnel.

While AI-generated phishing emails and scams have become increasingly common since the rise of generative AI tools in 2022, researchers say attackers are now going well beyond basic fraud.

Our report finds growing evidence that criminal organizations are using AI to:

• Improve malware obfuscation
• Generation of operational support tools
• Automate information collection
• Power up your social engineering campaigns
• Develop more evasive attack techniques

Threat actors often use AI to conduct research, troubleshoot code, and streamline workflows just like legitimate corporate users do, but they also apply its capabilities to criminal purposes.

By automating repetitive technical tasks, hackers can focus more resources on large-scale, coordinated attacks.

“Threat actors are leveraging AI to increase the speed, scale, and sophistication of their attacks,” Hultquist said.

“This allows us to test operations, persist against targets, build better malware, and make many other improvements.”

The advent of AI-assisted zero-day development is likely to further increase pressure on organizations already struggling to defend against increasingly sophisticated attacks.

Defending cybersecurity teams are also deploying AI-powered systems for threat detection, anomaly analysis, and automated incident response. But analysts warn that attackers often adapt faster than defenders.

One big concern is that AI could eventually discover entirely new categories of vulnerabilities and attack chains beyond what human analysts are currently trained to recognize.

Security experts are also concerned about the rapid proliferation of open-source, uncensored AI models, some of which have fewer safeguards to prevent malicious use.

Major AI companies such as Google, OpenAI, Microsoft, and Anthropic have introduced restrictions aimed at blocking harmful cyber-related output, but researchers have repeatedly demonstrated ways to circumvent these protections.

Meanwhile, underground cybercrime communities have started sharing modified or unrestricted AI systems specifically for offensive use.

The incident described by Google may ultimately be remembered as one of the first clear signs that artificial intelligence has entered a new phase in cyber warfare.

Security experts have debated for years whether generative AI will fundamentally change offensive hacking operations. The debate is now rapidly moving from theory to reality.

What once seemed like a future threat is becoming real-time actionable.

A widespread concern among cybersecurity experts is not just that AI will speed up existing attacks, but that it may ultimately enable entirely new forms of autonomous cyberattacks at scales previously impossible for human operators alone.

For governments, businesses, and security teams around the world, the message from Google’s findings is becoming increasingly difficult to ignore. The AI ​​cyber arms race is no longer coming; it has already begun.