Google researchers have found the primary proof of hackers utilizing AI to develop zero-day exploits, autonomous Android backdoors, and automatic provide chain assaults in opposition to GitHub and PyPI.<\/p>\n
Hackers have lengthy used AI fashions to create phishing pages and determine safety vulnerabilities. However in line with a brand new report launched at this time by Google Menace Intelligence Group (GTIG), attackers at the moment are additionally utilizing synthetic intelligence to develop zero-day exploits<\/a>.<\/p>\n GTIG researchers recognized an assault situation the place attackers dodged 2FA<\/a> utilizing a Python script on a web-based administration software, and had been shocked to search out that this was a zero-day exploit. Whereas it was suspected that Claude Mythos<\/a> was used, the staff says that is unlikely.<\/p>\n \u201cFor the primary time, GTIG has recognized a risk actor utilizing a zero-day exploit that we imagine was developed with AI.\u201d<\/p>\n Additional investigation revealed that the code had clear indicators of being made by a machine. People usually write code with particular habits, however these scripts had \u201can abundance of academic docstrings\u201d and even a pretend, \u201challucinated however non-existent CVSS rating.\u201d<\/p>\n Researchers famous within the weblog submit<\/a> that teams from the Folks\u2019s Republic of China (PRC<\/a>) and the Democratic Folks\u2019s Republic of Korea (DPRK<\/a>) are main these exams. Teams like APT45<\/a> and UNC2814 use AI to scan for flaws utilizing instruments like \u2018wooyun-legacy,\u2019 a group of 85,000 outdated safety circumstances, to coach AI fashions to assume like professional auditors.<\/p>\n Hackers are additionally utilizing LLMs for goal scouting to enhance phishing lures. They immediate fashions to map out firm hierarchies or determine particular {hardware} utilized by a goal. This \u2018environmental fingerprinting\u2019 helps them customise their assaults. <\/p>\n Researchers additionally discovered rising choice for \u2018agentic workflows\u2019 the place instruments like Hexstrike and Strix are used to execute multi-stage duties. For instance, a PRC-nexus actor used these instruments alongside the Graphiti reminiscence system to assault a Japanese expertise agency.<\/p>\n In early February 2026, the PROMPTSPY Android backdoor<\/a> appeared. It makes use of a \u2018GeminiAutomationAgent\u2019 to observe cellphone screens and click on buttons. By late March 2026, a bunch referred to as TeamPCP<\/a> (aka UNC6780) attacked the software program provide chain by injecting malicious code into instruments like LiteLLM<\/a> and Checkmarx.<\/a> Utilizing the SANDCLOCK credential stealer, they stole AWS keys and GitHub tokens for extortion.<\/p>\n Researchers, lastly, famous that AI is being utilized in data operations. A professional-Russia marketing campaign referred to as Operation Overload used AI voice cloning to impersonate journalists in pretend movies. Whereas these techniques are evolving, Google is utilizing instruments like Massive Sleep and CodeMender to search out and repair these flaws routinely.<\/p>\nFiguring out AI Clues in Malware<\/strong><\/h3>\n
![\"\"](\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/05\/Google-Reveals-First-Case-of-AI-Created-Zero-Day-Exploit-and-Autonomous-Malware-Attacks.png\")
<\/a>Autonomous Brokers<\/strong><\/h3>\n
Provide Chain Threats and Deepfakes<\/strong><\/h3>\n
![\"Google](\"https:\/\/hackread.com\/wp-content\/uploads\/2026\/05\/google-reveals-first-case-of-ai-created-zero-day-exploit-and-autonomous-malware-attacks-1-1024x601.png\")
<\/a>