 |
| Google’s report highlights how state-linked institutions and cybercrime groups from Russia, China, and North Korea are actively experimenting with AI for offensive operations. (Image generated by AI) |
Google believes the attackers utilised an AI model not just to write the exploit code, but also to help identify the underlying vulnerability in the first place.
A few months ago, Anthropic drew a lot of scrutiny for limiting access to Claude Mythos, citing cybersecurity reasons. While many partner organisations have already reported solving some of the major concerns, threat actors keep finding new ways to exploit vulnerabilities. In a recent report, cyber threat actors appear to be using AI to find flaws in software.
Google’s Threat Intelligence Group (GTIG) has identified what appears to be the first confirmed case of hackers using AI to discover and weaponise a zero-day exploit. The finding is particularly concerning since it marks a new chapter in cyber threats accelerating their pace with AI.
The AI-powered zero-day exploit
The exploit targeted a logic flaw in a popular open-source, web-based system administration tool, allowing attackers with valid usernames and passwords to bypass two-factor authentication (2FA). Google coordinated with the affected vendor to patch the vulnerability before it could be used in a planned “mass exploitation event.”Researchers analysing the attack code, which was a Python script, found clear signs of AI generation. These included textbook-style formatting, detailed help menus, and even “hallucinated” elements such as false CVSS vulnerability scores, which are common quirks of large language models (LLMs).
ALSO READ
Google believes the attackers utilised an AI model not just to write the exploit code, but also to help identify the underlying vulnerability in the first place.
John Hultquist, chief analyst at Google’s threat intelligence arm, in a statement to The Guardian, said that for every AI-driven attack discovered, many more are likely already active in the wild. The main advantage for AI attackers is speed – AI enables them to find, test, and deploy exploits far faster than traditional human-led methods.
Why AI-powered attacks need to be addressed
The incident reported by GTIG is not an isolated case. Google’s report highlights how state-linked institutions and cybercrime groups from Russia, China, and North Korea are actively experimenting with AI for offensive operations. For example:- North Korean-linked APT45 has used thousands of AI prompts to analyse vulnerabilities and refine attacks.
- We also saw the emergence of PromptSpy, an Android malware that uses generative AI to monitor user activity and replay biometric gestures like PINs and patterns.
John Hultquist, chief analyst at Google’s threat intelligence arm, in a statement to The Guardian, said that for every AI-driven attack discovered, many more are likely already active in the wild. The main advantage for AI attackers is speed – AI enables them to find, test, and deploy exploits far faster than traditional human-led methods.
ALSO READ
While this raises serious risks in the short term, experts also see a silver lining: the same AI capabilities used to find bugs can eventually help developers fix them, potentially hardening the massive codebase that powers modern systems.
What you can do to stay safe
For users, the advice remains the same:- Keep all software, operating systems, and applications fully updated.
.jpg)
0 Comments