
Google claims it prevented hacker group's AI-based mass exploitation attempt

Google's Threat Intelligence Group (GTIG) has reported a significant cybersecurity incident involving the use of artificial intelligence by hackers. The report, released on Monday, revealed that GTIG successfully thwarted an attempt by a hacker group to exploit a zero-day vulnerability—an undisclosed software flaw—to facilitate a mass exploitation operation. This vulnerability had the potential to bypass two-factor authentication, a common security measure.

GTIG expressed "high confidence" in its findings, though it did not disclose the identity of the hacker group involved. Importantly, Google stated that its proprietary AI model, Gemini, was not utilized in this incident. The report highlights the increasing sophistication of cybercriminals, who are leveraging AI tools, such as OpenClaw, to identify and exploit software vulnerabilities effectively. This trend poses significant risks to businesses and government entities, despite substantial investments in cybersecurity defenses.

The report follows earlier concerns raised by Anthropic, which postponed the rollout of its AI model, Mythos, over fears that it could be misused for identifying and targeting longstanding software vulnerabilities. This situation prompted high-level discussions within the White House involving technology and business leaders.

In a related development, OpenAI recently announced the limited rollout of GPT-5.5-Cyber, an AI model intended for vetted cybersecurity teams. Google's report also pointed out that hacking groups associated with nations like China and North Korea have shown a marked interest in employing AI for vulnerability discovery.

These developments underscore a growing intersection between AI technology and cybersecurity threats, highlighting the need for ongoing vigilance and adaptation within the cybersecurity landscape.
