NewsAI securityGoogle

Google Disrupts First Confirmed AI-Powered Zero-Day Attack

For the first time, criminals used a large language model to discover and exploit an unknown security vulnerability. Google's threat intelligence team says the era of AI-driven cyber attacks is here.

Alex Chen4 min read(Updated: )
Google Disrupts First Confirmed AI-Powered Zero-Day Attack

The milestone nobody wanted

Google's threat intelligence team has stopped what they are calling the first confirmed instance of a criminal group using a large language model to discover and exploit a zero-day vulnerability, a security flaw the software vendor did not know existed and had not patched.

"This is not a theoretical risk anymore," said Google's threat intelligence chief in a briefing last week. "The era of AI-driven vulnerability discovery and exploitation is already here."

Before we get into the details, let me explain what a zero-day attack actually is, because the term gets thrown around a lot but the mechanics matter here. A zero-day vulnerability is a security hole that the software maker does not know about. No patch exists. The "zero" refers to the number of days the vendor has had to fix it. When attackers find one, they have free rein until someone notices. Traditional zero-day discovery is hard, manual work. It takes deep expertise, weeks or months of reverse engineering, and a lot of trial and error. A skilled human researcher might find a handful of zero-days in a career.

AI changes that calculus. An LLM can read through millions of lines of code in minutes, identify patterns that suggest weakness, and generate test cases to confirm the vulnerability. It cannot do this perfectly today, and the Google case involved human criminals guiding the AI. But the speed difference is the point. What took months could eventually take hours.

The attacker group, which Google has not publicly named, used an AI model to analyze a widely-deployed enterprise software product, identify an unknown weakness in its authentication system, and generate working exploit code. The attack was caught before widespread damage occurred, but security researchers say the technique itself is what matters, and it will only get faster.

How AI changes cybersecurity, fundamentally

I have been following cybersecurity for years, and what makes this moment different is the asymmetry. Defenders and attackers always compete, but the tools have historically been roughly balanced. Both sides used similar techniques, similar levels of automation, similar constraints.

AI breaks that symmetry. Attackers only need to find one vulnerability. Defenders need to find and fix all of them. An AI model that can scan codebases faster than any human team ever could tilts the advantage toward offense. This is not speculation. The UK's AI Safety Institute (AISI) recently tested frontier models on a benchmark called "The Last Ones," a 32-step simulated corporate network that requires full domain takeover to complete. Anthropic's Claude Mythos achieved a 73% success rate on expert-level offensive tasks. OpenAI's GPT-5.5 followed three weeks later at 71.4%.

Those numbers should bother you. A 73% success rate on a task that would stump most professional penetration testers, from a model available to anyone with an API key. The AISI now estimates that frontier cyber-offense capability is doubling every four months, down from a seven-month doubling rate in late 2025. At that pace, what is currently the domain of state-level actors will be accessible to mid-tier criminal groups within a year.

Historical context: AI in hacking is not new, but this is different

People have used machine learning for security research for years. Academic papers on ML-assisted fuzzing, the technique of feeding random inputs to software to find crashes, date back to the late 2010s. What is different now is the generality. Old approaches required purpose-built models trained on specific software. An LLM can pivot from analyzing an authentication module to scanning a network protocol to reverse-engineering a binary, all from the same model, within the same conversation. The general-purpose nature of frontier models makes them far more dangerous as offensive tools.

What companies and individuals should do

For companies, the practical implications are straightforward but demanding. Security patch cycles need to accelerate. The old model of monthly patch Tuesday, quarterly penetration tests, and annual security audits will not survive an era where AI can find new vulnerabilities between patch cycles.

Google's recommendation, and I agree with it, is that organizations need to assume an AI-assisted attacker is probing their systems right now. That means continuous monitoring, not periodic scanning. It means investing in automated patch deployment that reduces the window between a fix being available and being applied. It means treating AI-driven threat detection as a budget line item, not a nice-to-have.

For individuals, the advice has not changed much, but the urgency has. Keep software updated, and set automatic updates wherever possible. Use two-factor authentication on every account that supports it. Do not reuse passwords. Use a password manager. These are boring recommendations that everyone has heard before, but the gap between hearing them and doing them is where most breaches happen. The practical difference now is that the window between a vulnerability being discovered and being exploited is shrinking fast. You cannot afford to wait a week to install updates anymore.

What comes next

I think we will look back at 2026 as the year the cybersecurity field permanently changed. AI-assisted zero-day discovery is no longer hypothetical. Google caught this one, but the next one, or the one after that, might be deployed at scale before anyone notices. The question is not whether AI will be used for cyber attacks. It already is. The question is how quickly the defense side adapts, and right now, the offense is moving faster.