Google: Hackers Used AI to Build First Zero-Day

Get the Tech newsletter
Daily tech — startups, AI labs, chips, the launches that shape the next decade. Free.
- Google Threat Intelligence Group (TIG) reported the first known case of hackers using AI to discover and weaponize a zero-day — a software flaw previously unknown to defenders
- TIG chief analyst John Hultquist said "this is the tip of the iceberg," writing that other AI-developed zero-days are probably already in use and that "the signs won't be obvious"
- A criminal threat actor had planned to deploy the AI-built exploit in a mass exploitation event before Google helped get it patched in time
- Hultquist argued that if criminals are reaching this capability, then "state actors with significant resources probably are too"
- The exploit targeted a web admin tool, and researchers identified "artifacts of AI development" in the malicious code
- Hultquist said each new generation of AI models will further reduce the need for expert-developed hacking harnesses, calling it a race that has "already started"
Why it matters: Google's TIG has confirmed the first in-the-wild case of an AI-developed zero-day exploit, marking an inflection point in cyber threats. Hultquist's central argument — that criminal capability at this level implies nation-state capability too — raises the stakes for defenders, since the report itself acknowledges Google has limited visibility into the backend of both criminal and state operations. The shift compresses the window between vulnerability discovery and mass exploitation.
