Google said it uncovered evidence that a criminal hacking group used advanced technology to help identify and exploit a previously unknown software flaw in a cyberattack attempt, marking what experts describe as a major shift in cybersecurity threats.
In research published Monday, Google said the attack involved a so-called “zero-day vulnerability,” a hidden security flaw unknown to software developers that could allow hackers to bypass protections such as two-factor authentication.
“We have high confidence that the actor likely leveraged an A.I. model to support the discovery and weaponization of this vulnerability,” the report said.
Google did not identify the hacking group, the intended target, or the platform used, but said it does not believe its own Gemini chatbot was involved. The company added that it alerted the affected software developer quickly enough for a patch to be released before damage could be done.
The company’s Threat Intelligence Group said the flaw was discovered within the past few months in a Python script targeting a widely used open-source web administration tool.
John Hultquist, chief analyst at Google Threat Intelligence Group, warned that the incident may signal a much larger trend.
“It’s a taste of what’s to come,” Hultquist said. “We believe this is the tip of the iceberg. This problem is probably much bigger; this is just the first tangible evidence that we can see.”
Former National Security Agency cybersecurity director Rob Joyce said Google’s findings appeared to provide one of the clearest indications yet that advanced automated systems may already be shaping real-world cyberattacks.