InfoSecBulletin Cybersecurity for mankind
Google detects for the first time a zero-day exploit which is thought to be developed using artificial intelligence. The company shared a new report on Monday. It gives a summary of its findings on how AI is used in cyber threats. This information comes from recent data collected by Gemini, Google Threat Intelligence Group (GTIG), and Mandiant.
A key finding is that a well-known cybercrime group used AI to develop a zero-day exploit. This exploit was made to get around two-factor authentication (2FA) on an open-source web tool for system management. The exploit was in a Python script.
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
The hacker group and the tool they tried to use are not named, but Google said it helped the affected company stop a large attack, which seemed to be what the hackers wanted.
“Although we do not believe Gemini was used, based on the structure and content of these exploits, we have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability,” Google explained.
It added, “For example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data (e.g., detailed help menus and the clean _C ANSI color class).”
Google pointed out that Chinese and North Korean state-sponsored hackers are very keen on using AI to find vulnerabilities. A group likely connected to China was seen using tools like Strix and Hexstrike to attack a Japanese tech company and a big cybersecurity firm in East Asia.
UNC2814 is a Chinese group that attacks telecom and government groups. They used a fake identity jailbreak where the AI pretends to be a top security auditor. This helped them research flaws in embedded devices, like TP-Link firmware with OFTP features.
Google says that the North Korean group known as APT45 sent out many repeated messages to look closely at CVEs and check PoC exploits.
“This results in a more robust arsenal of exploit capabilities that would be impractical to manage without AI assistance,” Google said in its report.
The complete report talks about self-running malware, AI helping to avoid defenses, attacks on supply chains, and bad actors seeking top access to LLMs.
