The First AI-Powered Zero-Day Cyberattack Just Happened

For years, cybersecurity experts warned that artificial intelligence would eventually help hackers discover software flaws faster than humans could stop them. Most of those warnings lived in research papers, closed-door intelligence briefings, and theoretical debates inside Silicon Valley.

That changed this week.

Google says it has identified the first known case of hackers using AI to help discover and weaponize a previously unknown software vulnerability in an attempted mass cyberattack. The company said it blocked the exploit before it could spread widely, though the discovery marks a chilling turning point in the evolution of cyber warfare.

“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” Google wrote on its Google Threat Intelligence Group (GTIG) page. “The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use.”

The implications stretch far beyond a single hacking campaign.

AI systems are no longer just writing phishing emails or generating spam. According to Google and other security researchers, AI is beginning to participate in some of the most dangerous parts of offensive cyber operations: identifying hidden software flaws, building exploit chains, automating reconnaissance, and accelerating attacks at a speed human teams struggle to match.

The cybersecurity industry has spent years preparing for this moment. Now it appears to have arrived.

The Moment Cybersecurity Changed

The latest findings from Google land just months after a series of increasingly alarming disclosures from Anthropic about the growing role of AI in cyberattacks.

In November 2025, Anthropic revealed that it had disrupted what it described as a highly sophisticated cyber espionage campaign attributed to a Chinese state-sponsored hacking group. According to the company, attackers used AI systems to autonomously map networks, write exploit code, gather intelligence, and steal sensitive data.

Anthropic estimated that roughly “80–90%” of the operation had been executed with AI assistance.

“We recently argued that an inflection point had been reached in cybersecurity: a point at which AI models had become genuinely useful for cybersecurity operations, both for good and for ill,” Anthropic wrote in a blog post discussing the attack.

The company added that investigators observed attackers using AI “not just as an advisor, but to execute the cyberattacks themselves.”

Credit: Anthropic

That statement barely registered outside cybersecurity circles at the time. Inside the industry, it triggered immediate concern.

For years, security researchers believed the most dangerous phase of AI-assisted hacking would begin once models became capable of independently identifying unknown vulnerabilities in software systems. Security teams feared a future where attackers could automate the search for flaws across browsers, operating systems, enterprise tools, cloud platforms, and critical infrastructure at a scale impossible for humans to match.

That fear no longer looks hypothetical.

Claude Mythos Triggered Alarm Bells Across Silicon Valley

The pressure intensified in April after Anthropic introduced Claude Mythos, a frontier AI model focused heavily on advanced coding and cybersecurity tasks.

Reports surrounding the model quickly set off alarms across banks, government agencies, cloud providers, and cybersecurity firms after claims emerged that the system could identify software vulnerabilities at extraordinary speed.

According to a CNBC report, Anthropic restricted access to the model under an initiative called Project Glasswing, limiting availability to a small group of major U.S. organizations, including Apple, Amazon, JPMorgan Chase, and Palo Alto Networks.

“What we are seeing across the industry now is that people are able to reproduce the vulnerabilities found with Mythos through clever orchestration of public models to get very, very similar results,”  Ben Harris, CEO of cybersecurity firm watchTowr, told CNBC.

Anthropic reportedly feared the system could be abused by criminal groups or hostile governments if released broadly.

The concern centered on the model’s ability to identify “zero-day” vulnerabilities.

Zero-days are among the most dangerous discoveries in cybersecurity. The term refers to hidden software flaws unknown to the company that created the software. Since vendors are unaware of the vulnerability, there is effectively “zero days” to prepare a defense once attackers begin exploiting it.

The most valuable zero-days can sell for millions of dollars on underground markets or government-linked exploit exchanges. They are prized by intelligence agencies, nation-state hackers, and elite cybercriminal groups because they allow attackers to infiltrate systems before security patches exist.

Anthropic claimed Claude Mythos identified thousands of vulnerabilities across major operating systems and browsers, including flaws buried inside decades-old software.

That revelation sent a wave of anxiety through the cybersecurity community.

Researchers feared AI models could dramatically lower the barrier to the discovery of elite-grade cyber weapons.

Weeks later, Google says it found evidence that this was already happening.

Google Says Hackers Used AI to Build a Zero-Day Exploit

In research published Monday, Google’s Threat Intelligence Group disclosed what it believes is the first known example of hackers using AI to help discover and weaponize a zero-day vulnerability in a real-world attack attempt.

According to Google, attackers targeted a popular open-source web-based system administration tool. The vulnerability would have allowed hackers to bypass two-factor authentication under certain conditions.

The company said it notified the software vendor quickly enough for a security patch to be issued before widespread exploitation occurred.

“Threat actors are leveraging AI to augment various phases of the attack lifecycle,” Google wrote in its report. “This includes supporting the development of vulnerability exploits and malware, facilitating autonomous execution of commands, enabling more targeted and well-researched reconnaissance, and improving the efficacy of social engineering and information operations.”

Google did not identify the administration tool involved, the hacking group behind the operation, or the AI platform allegedly used during the attack. The company added that it did not believe its own Gemini models were involved.

Still, Google researchers said they had “high confidence” that an AI model assisted in the discovery and weaponization process.

That conclusion was based partly on unusual characteristics found inside the malicious code.

The AI Fingerprints Hidden Inside the Malware

According to an extensive report from The New York Times, Google researchers identified several traits inside the attack code commonly associated with AI-generated programming output.

The malicious Python script reportedly included excessive explanatory comments, educational-style documentation, highly structured formatting, and even hallucinated vulnerability-scoring information that human hackers would rarely include in real-world exploit code.

Rob Joyce, former cybersecurity director at the National Security Agency, reviewed the findings before publication.

“It is the closest thing yet to a fingerprint at the crime scene,” Joyce said.

John Hultquist, chief analyst at Google Threat Intelligence Group, warned that the attack likely represents only the beginning of a much larger shift.

“It’s a taste of what’s to come,” Hultquist told The New York Times. “We believe this is the tip of the iceberg. This problem is probably much bigger; this is just the first tangible evidence that we can see.”

The broader concern inside cybersecurity circles is simple: AI systems could dramatically compress the time required to identify and exploit software flaws.

A vulnerability that once took elite researchers months to uncover could eventually be discovered by AI systems in hours or minutes.

That changes the balance between attackers and defenders.

The Rise of Autonomous Cyberattacks

The cybersecurity industry is already seeing early signs of this shift spreading into other forms of digital crime.

Google says the threat goes far beyond a single exploit.

According to the company, attackers are already using AI to accelerate the creation of “polymorphic” malware that can constantly change its behavior to avoid detection. Google added that suspected Russia-linked threat actors have used AI-assisted development techniques to build obfuscation layers and AI-generated decoy logic intended to confuse security researchers and defensive systems.

“AI-driven coding has accelerated the development of infrastructure suites and polymorphic malware by adversaries,” Google wrote. “These AI-enabled development cycles facilitate defense evasion by enabling the creation of obfuscation networks and the integration of AI-generated decoy logic in malware.”

Researchers at ESET recently identified a ransomware variant known as “PromptLock” that reportedly used local AI models to generate malicious encryption scripts.

Security teams are also seeing attackers “jailbreak” mainstream AI systems into assisting with offensive tasks by disguising malicious prompts as legitimate research requests.

Some researchers informally refer to the tactic as “vibe hacking,” in which attackers manipulate AI systems to bypass safety restrictions using carefully crafted conversational prompts.

The result is a growing cyber arms race between companies building stronger AI safeguards and attackers trying to break through them.

Governments are paying close attention.

The Trump administration has reportedly explored proposals to subject frontier AI systems to some form of government review before public release, especially models with advanced cybersecurity capabilities.

Inside Silicon Valley, many executives now face an uncomfortable dilemma.

The same AI systems capable of helping defend networks may also become powerful offensive cyber tools if they fall into the wrong hands.

AI May Eventually Make Software Safer. The Internet Has to Survive First

Some cybersecurity experts still believe that advanced AI models will eventually improve software security.

AI systems may someday help developers eliminate coding flaws before products are released, reducing the number of exploitable vulnerabilities across the internet.

The immediate reality looks far messier.

Today’s internet still runs on decades of imperfect code written by humans across millions of servers, applications, routers, enterprise systems, and cloud platforms. Much of that infrastructure was never built for an era where AI systems could scan, analyze, and exploit weaknesses at machine speed.

“The bleeding-edge models will allow us to build the safest code we’ve ever built,” Hultquist said. “That is an absolute win for cybersecurity. The challenge is that we have just begun that process, and we have to contend with a world of code that is already out there.”

That may now be the defining cybersecurity challenge of the AI era.

The race is no longer just between hackers and defenders.

It is becoming a race between vulnerable human-written software and machines learning how to break it.