Google has announced that it has found its first zero-day exploit, believed to have been created with artificial intelligence. According to the Google Threat Intelligence Group, this discovery marks a big change in how cybercriminals use advanced technology to automate harmful software attacks. Finding this zero-day marks a major shift in digital security. Experts have warned for some time about AI-generated malware, but this case is the first clear evidence that attackers are already using these tools to spot and exploit hidden software flaws.
How is AI changing the Zero-Day threat landscape?
According to Engadget, the malicious code targeted a popular open-source tool used for managing computer systems. The exploit was specifically designed to bypass two-factor authentication, a critical security layer most people use to keep their personal and professional accounts safe.
Google researchers realized that AI was heavily involved after finding strange clues, or “artifacts,” in the code. According to CyberScoop, the exploit included highly detailed notes and “hallucinated” data—such as security scores that did not actually exist—which are common mistakes made by AI models rather than human developers.
This discovery highlights a growing competition between attackers and defenders in the tech world. According to the Google Cloud Blog, Google is now using its own AI agents, such as “Big Sleep,” to hunt for these bugs first and “CodeMender” to help developers fix them automatically.
By detecting the threat early, Google notified the software vendor and provided a patch before a large-scale attack could occur. This first instance of an AI-powered zero-day shows that while new technology makes attackers faster, it also gives security experts powerful new tools to help keep the internet secure.
