Researchers at Google say they have found the first ever evidence of hackers using artificial intelligence to create the most serious type of cyber security flaw.
The team from Google Threat Intelligence Group (GTIG) reported that cyber criminals used AI in order to uncover what is known as a zero-day exploit.
This type of flaw is particularly concerning as it is one that software developers do not know exists, meaning there have been zero days to find a way to protect against it.
“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” the researchers wrote in a report on Monday.
“The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use.”
The researchers noted that hackers associated with China and North Korea have demonstrated “significant interest” in developing AI for seeking out zero-day vulnerabilities.
Cyber criminals have been emboldened by the arrival of new AI tools that have helped lead to record-breaking levels of cyber attacks in 2026.
A recent report found that AI bot attacks have increased more than 10-fold over the last year, rising from 2 million to 25 million incidents globally.
The rise in incidents comes as leading AI firms like Anthropic and OpenAI have been developing tools that can detect security flaws more efficiently than any human.
Anthropic’s recently unveiled model Mythos has been described as a “terrifying superhacker”, having already uncovered software vulnerabilities in every major operating system and every major web browser in the world.
The model has only been released to a limited number of technology and financial organisations, with Anthropic claiming it can help them boost their cyber defences.
Google’s researchers warned that while these new models can help defend against potential attacks, cyber criminals are exploiting them to carry out attacks on a worrying scale .
“Threat actors now pursue anonymized, premium tier access to models through professionalized middleware and automated registration pipelines to illicitly bypass usage limits,” the warned in their latest report.
“This infrastructure enables large scale misuse of services while subsidizing operations through trial abuse and programmatic account cycling.”
Google settles lawsuit over alleged discrimination against Black employees
Google faces £3 billion lawsuit over advertising monopoly claims
The people building AI think it might be conscious. That’s not the most alarming part
UK schools blackmailed with sexualised AI deepfakes of pupils, experts warn
Meta can now read your private messages after Instagram update
