Google researchers have found the first evidence of hackers using AI to develop zero-day exploits, autonomous Android backdoors, and automated supply chain attacks against GitHub and PyPI.
Hackers have long used AI models to create phishing pages and identify security vulnerabilities. But according to a new report released today by Google Threat Intelligence Group (GTIG), attackers are now also using artificial intelligence to develop zero-day exploits.
Identifying AI Clues in Malware
GTIG researchers identified an attack scenario where attackers dodged 2FA using a Python script on a web-based administration tool, and were surprised to find that this was a zero-day exploit. While it was suspected that Claude Mythos was used, the team says that is unlikely.
“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI.”
Further investigation revealed that the code had clear signs of being made by a machine. Humans usually write code with specific habits, but these scripts had “an abundance of educational docstrings” and even a fake, “hallucinated but non-existent CVSS score.”
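A triage sketch for the two indicators described above, added here as an example (not GTIG's code or method): it measures docstring density in a recovered Python script and surfaces any CVSS score quoted without a CVE ID so an analyst can check it by hand. The function name, result fields and both sample scripts are constructed for illustration.

```python
import ast
import re

# A numeric CVSS score mentioned anywhere in the file, e.g. "CVSS score 9.1".
CVSS_RE = re.compile(r"CVSS[^\n\d]{0,30}?(\d{1,2}\.\d)", re.IGNORECASE)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def style_indicators(source: str) -> dict:
    """Collect authorship-style indicators from one Python source string."""
    tree = ast.parse(source)  # parses only; the script is never executed
    scopes = [n for n in ast.walk(tree) if isinstance(
        n, (ast.Module, ast.ClassDef, ast.FunctionDef, ast.AsyncFunctionDef))]
    docs = [d for d in (ast.get_docstring(n) for n in scopes) if d]
    doc_lines = sum(len(d.splitlines()) for d in docs)
    # Non-blank, non-comment lines (docstring lines are included in this count).
    text_lines = sum(1 for line in source.splitlines()
                     if line.strip() and not line.strip().startswith("#"))
    scores = CVSS_RE.findall(source)
    return {
        "documented_scopes": len(docs),
        "total_scopes": len(scopes),
        "docstring_share": round(doc_lines / max(text_lines, 1), 2),
        "cvss_scores": scores,
        # A score with no CVE ID cannot be looked up; verify it by hand.
        "cvss_without_cve": bool(scores) and CVE_RE.search(source) is None,
    }

# Constructed, benign sample imitating the commenting style described above.
VERBOSE = '''"""
Helper for the admin panel.

Severity: CVSS score 9.1 (Critical)
"""

def build_session(host):
    """Create the session object.

    Args:
        host: Base URL of the panel.
    Returns:
        A dict describing the session.
    """
    return {"host": host}
'''
# Constructed sample in a terse, undocumented style for contrast.
TERSE = "import sys\n\ndef run(h):\n    return h.strip()\n"

if __name__ == "__main__":
    for name, src in (("verbose", VERBOSE), ("terse", TERSE)):
        print(name, style_indicators(src))
```

These indicators are stylistic leads for an analyst, not proof of machine authorship; well-documented human code will also score high on docstring share.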
Researchers noted in the blog post that groups from the People’s Republic of China (PRC) and the Democratic People’s Republic of Korea (DPRK) are leading these tests. Groups like APT45 and UNC2814 use AI to scan for flaws using tools like ‘wooyun-legacy,’ a collection of 85,000 old security cases, to train AI models to think like professional auditors.
Autonomous Agents
Hackers are also using LLMs for target scouting to improve phishing lures. They prompt models to map out company hierarchies or identify specific hardware used by a target. This ‘environmental fingerprinting’ helps them customize their attacks.
Researchers also found a growing preference for ‘agentic workflows’ where tools like Hexstrike and Strix are used to execute multi-stage tasks. For example, a PRC-nexus actor used these tools alongside the Graphiti memory system to attack a Japanese technology firm.
Supply Chain Threats and Deepfakes
In early February 2026, the PROMPTSPY Android backdoor appeared. It uses a ‘GeminiAutomationAgent’ to watch phone screens and click buttons. By late March 2026, a group called TeamPCP (aka UNC6780) attacked the software supply chain by injecting malicious code into tools like LiteLLM and Checkmarx. Using the SANDCLOCK credential stealer, they stole AWS keys and GitHub tokens for extortion.
Finally, researchers noted that AI is being used in information operations. A pro-Russia campaign called Operation Overload used AI voice cloning to impersonate journalists in fake videos. While these techniques are evolving, Google is using tools like Big Sleep and CodeMender to find and fix these flaws automatically.







