Researchers from the Google Threat Intelligence Group (GTIG) have claimed to have identified an advanced working zero-day exploit mechanism developed by Artificial Intelligence (AI). In a report released on Monday, the GTIG said that a prominent cyberthreat group used an AI model to weaponize security loopholes in the system administration tool of an open-source network.
The GTIG has indicated that the threat actors behind this malicious mechanism are linked to China and North Korea, and that they intended to use it for a mass exploitation event.
“Our proactive counter discovery may have prevented its use,” Google said, sounding an alert on the dangers of AI-based coding, which threat actors are tapping into and which raises serious threats to existing cybersecurity solutions and practices.
Google, in its report, classified the exploit mechanism as a 2FA bypass.
“It stems not from common implementation errors like memory corruption or improper input sanitization, but a high-level semantic logic flaw where the developer hardcoded a trust assumption,” the GTIG researchers explained.
According to the findings, AI models are only getting better at identifying human-introduced coding mistakes and are becoming increasingly proficient at finding hidden flaws in technical infrastructures.
The exploit code that the report is talking about was written in the Python programming language and showed multiple signs of having been AI-generated rather than human-written. These signs included AI-typical formatting and a suspiciously high number of educational docstring structures.
Google went on to confirm that neither its own Gemini model nor Anthropic’s Mythos were used to create the malware.
Google has noted that beyond coding malware, threat actors are using AI to find out what kinds of hardware and software ecosystems their potential victims use, in order to tailor targeted attacks.
“GTIG’s tracking of IO threats across the open internet continues to uncover activity illustrating how threat actors use AI tooling to enhance established tactics,” it said. “As the generative AI landscape matures, the methods by which threat actors procure and operationalize these models have shifted from simple experimentation to industrial-scale consumption.”
Source: Google Cloud Blog
State of AI concerns
These findings from the GTIG intensify existing concerns around the lack of comprehensive AI guardrails and the risks posed by making the powerful technology accessible to all internationally.
Last week, the International Monetary Fund (IMF) pointed out that the influx of AI into the global financial system poses systemic risks, because the technology is also fully available to malicious cyber actors. The IMF has forecasted that a single AI-related exploit could lead to a cascade of interrelated failures, putting market liquidity and stability at major risk.
As of now, AI-focussed rules and regulations remain largely undefined in most parts of the world. Last week, New York state senator Kirsten Gillibrand said at the Consensus conference that the U.S. will soon shift its focus to crafting detailed AI laws, once the work on the country’s crypto market structure bill is finalized.
The White House is presently considering screening all AI models before they go live for the public. As per reports, President Donald Trump could soon put in place an AI task force to map out the path to regulating the AI sector.
Earlier in March, the U.K. released its National Policy Framework for AI to shape the development, deployment, and ethical use of AI within its parameters. The European Union (EU) framed its EU AI Act in 2024, which divides, assesses, and tackles AI activities according to four categories: unacceptable risk, high risk, limited risk, and minimal risk.
According to Google, “the potential of AI, especially generative AI, is immense. As innovation moves forward, the industry needs security standards for building and deploying AI responsibly.”

