Google says it disrupted an AI-driven effort to exploit a software bug

Google said it disrupted a criminal group’s effort to exploit a previously unknown security flaw, warning that artificial intelligence is increasingly being used to find and weaponize vulnerabilities faster than defenders can respond. In a statement reported Monday, the company said the attackers planned an operation that depended on a bug the group had identified and that the effort targeted a widely used online system administration tool. Google said it intervened before the operation caused damage and that it alerted the affected company and law enforcement as it traced the incident.

Google did not provide identifying details about the attackers or the victim organization, and it declined to name the specific system administration tool involved. The company characterized the weakness as a “zero-day exploit,” meaning the vulnerability was previously unknown and that engineers had no days to develop a fix once the attack emerged. According to Google, the flaw allowed the attackers to bypass two-factor authentication, giving them a way to access the tool.

As Google investigated the hackers’ activity, it said it found evidence that the group used an AI large language model to help discover the vulnerability. Google did not identify which AI model the attackers used, saying only that it was most likely not Google’s own Gemini or Anthropic’s Claude Mythos. The company said it found no evidence that the operation was tied to an adversarial government, but it added that groups linked to China and North Korea have been exploring similar techniques.

John Hultquist, chief analyst at Google’s threat intelligence arm, said the episode aligns with a warning security experts have raised for years: malicious actors using AI can increase their ability to penetrate computer systems. In an interview, Hultquist said, “It’s here,” and added, “The era of AI-driven vulnerability and exploitation is already here.” He said criminals can benefit from AI’s “tremendous capability for speed,” because they can move faster to find weaknesses and exploit them than government spies who tend to work more slowly and quietly.

Hultquist said there is a race between attackers and defenders to stop exploitation before hackers obtain the data they need to extort victims or deploy ransomware. He said, “AI is going to be a huge advantage because they can move a lot faster.” That framing underscores why Google’s disclosure matters to the broader cybersecurity debate over whether AI tools can be safely released and used without accelerating cyber risk.

The announcement also arrives amid rising attention to AI models that researchers and companies say can be used to test software security. Anthropic announced its Mythos model last month, and the U.S. has been watching closely because Anthropic said the model was so capable at hacking and cybersecurity work that it should be released to a limited set of trusted organizations. Anthropic created Project Glasswing, a group that includes major tech companies such as Amazon, Apple, Google and Microsoft, along with firms such as JPMorgan Chase, to focus on securing critical software against what it described as “severe” fallout tied to the model’s potential.

At the same time, the cluster said, the relationship between Anthropic and the U.S. government has been complicated. The report cited Anthropic’s public and legal fight with the Pentagon and with President Donald Trump over military use of Anthropic’s AI technology. Meanwhile, OpenAI has introduced a similar cybersecurity-focused approach, the report said, by releasing a specialized cybersecurity version of ChatGPT for “defenders responsible for securing critical infrastructure” to help them find and patch vulnerabilities in code.

In the policy realm, the cluster described shifting signals from President Donald Trump’s administration about how government should oversee powerful AI. The report said Trump’s Commerce Department announced last week that it signed new agreements with Google, Microsoft and Elon Musk’s xAI to evaluate the most powerful AI models before they are made public, but that the announcement later disappeared from the department’s website. The reported sequence was followed after Trump moved to repeal Democratic President Joe Biden’s guardrails around AI as it was rapidly developed, and it also built on earlier agreements Biden-era officials made with Anthropic and OpenAI.

Dean Ball, a senior fellow at the Foundation for American Innovation and a former lead author of a Trump AI policy roadmap, said he thinks regulation may still be necessary even as opinions differ on whether government should respond. He said, “Some people don’t want there to be a regulatory response to this and others do.” Ball added, “I don’t like regulation,” but said, “I would prefer for things not to be regulated. But I think we need to in this case.” He said he is optimistic that over time, improving AI coding tools can help defenders address routine cyberattacks affecting hospitals, schools and other organizations.

Ball said that in the near term, the scale of software that must be secured makes the risk harder to manage. He said there are “untold trillions of lines of software code” at stake, and he argued it can take years to harden systems. He said he believes coordination from the U.S. government could help, and he predicted a “transitional period” in which cybersecurity risks rise significantly, saying “the world might actually be more dangerous.”