Alphabet’s (GOOGL) Google released findings Monday from its Threat Intelligence Group documenting what researchers consider the first verified instance of threat actors employing artificial intelligence to uncover a zero-day security flaw — followed by the development of working exploit code.
The cyber operation focused on a commonly deployed open-source system management platform. According to Google, the attack was neutralized before achieving widespread exploitation. The technology giant has now informed the software developer about the vulnerability.
GOOGL shares concluded Monday’s trading session near $166, posting modest gains, while the disclosure highlighted Google’s expanding involvement in monitoring AI-facilitated security threats.
The security weakness centered on an obscure trust mechanism embedded within the platform’s authentication framework. Threat actors utilized AI to detect this flaw — something traditional security scanning systems had overlooked — then exploited it to defeat two-factor authentication safeguards.
Google determined the attack was AI-generated through distinctive code signatures: unusually detailed explanatory comments, a falsified severity assessment for the vulnerability, and programming structures characteristic of AI-produced Python code.
The criminal organizations responsible for the operation were not identified in the disclosure. Google indicated that several “major cybercrime threat actors” collaborated to discover and exploit the security gap.
John Hultquist, chief analyst at Google’s Threat Intelligence Group, characterized the discoveries as likely “the tip of the iceberg.” He noted that for every AI-linked zero-day that Google can definitively trace, there are “probably many more out there.”
The analysis also revealed North Korean military hacking unit APT45 employing AI to validate and test thousands of exploits targeting documented software vulnerabilities.
Chinese government-affiliated threat actors were similarly identified as experimenting with AI in offensive cyber operations, although their methodologies remain in developmental phases.
Google discovered additional malicious software, designated PromptSpy, which leverages Google’s proprietary Gemini model to autonomously control Android devices — analyzing screen content and executing commands in real-time with minimal human oversight.
The transformation outlined in the report extends beyond criminals operating more efficiently. It represents AI becoming an autonomous participant in cyberattacks — evaluating targets, generating code, and executing decisions independently.
This constitutes a fundamentally different threat landscape than what most enterprises have prepared to defend against.
European financial oversight authorities have already raised comparable warnings, cautioning that rapidly advancing AI capabilities are accelerating both the velocity and magnitude of cyber threats — especially amid current geopolitical instability.
The report indicates that Russian and North Korean-affiliated groups are similarly incorporating AI into offensive cyber operations, though Google emphasized these initiatives remain in relatively preliminary stages.
Hultquist’s assessment was unambiguous: “There’s a misconception that the AI vulnerability race is imminent. The reality is that it’s already begun.”
Google confirmed it disclosed the zero-day vulnerability to the impacted software vendor following the successful blocking of the attack attempt.
The post Alphabet (GOOGL) Stock: Cybercriminals Deploy AI to Discover Zero-Day Exploits appeared first on Blockonomi.
