Google Disrupts First Confirmed AI-Powered Zero-Day Attack
For the first time, criminals used a large language model to discover and exploit an unknown security vulnerability. Google's threat intelligence team says the era of AI-driven cyber attacks is here.
The Milestone Nobody Wanted
Google's threat intelligence team has disrupted what it calls the first confirmed instance of a criminal group using a large language model to discover and exploit a zero-day vulnerability: a security flaw the software vendor did not know existed and therefore had not patched.
"This is not a theoretical risk anymore," said Google's threat intelligence chief in a briefing last week. "The era of AI-driven vulnerability discovery and exploitation is already here."
The attacker group, which Google has not publicly named, used an AI model to analyze a widely deployed enterprise software product, identify a previously unknown weakness in its authentication system, and generate working exploit code. The attack was caught before widespread damage occurred, but security researchers say the technique itself is what matters: it worked once, and the process will only get faster.
The Numbers Are Accelerating
The UK's AI Safety Institute (AISI) recently tested frontier models on a benchmark called "The Last Ones": a simulated corporate network that takes 32 steps to compromise and counts as completed only on full domain takeover. Anthropic's Claude Mythos achieved a 73% success rate on the expert-level offensive tasks; OpenAI's GPT-5.5 followed three weeks later at 71.4%.
The AISI now estimates that frontier cyber-offense capability is doubling every four months, down from a seven-month doubling time in late 2025. That is three doublings a year, roughly an eightfold gain, and at that pace what is currently the domain of state-level actors will be within reach of mid-tier criminal groups within a year.
What This Means for Regular People
Most of these attacks target companies, not individuals. But the downstream effects (compromised services, leaked data, disrupted infrastructure) affect everyone. The practical advice has not changed: keep software updated, use two-factor authentication, and don't reuse passwords. Updates can only close a hole once the vendor ships a patch, and a zero-day by definition has none yet, which is why the other two measures matter: they limit what an attacker can do with a stolen password or a single foothold. What has changed is that the window between a vulnerability being discovered and being exploited is shrinking fast.