Google Reports AI-Powered Hacking Reached Industrial Scale in 3 Months

Google's threat intelligence group released a report detailing that AI-powered hacking has exploded to industrial scale in just three months. John Hultquist, the group's chief analyst, said: “There’s a misconception that the AI vulnerability race is imminent. The reality is that it’s already begun.”
Criminal groups and state-linked actors from China, North Korea, and Russia are widely using commercial models—including Gemini, Claude, and OpenAI tools—to refine and scale up attacks. The report highlights that AI enables threat actors to test operations, persist against targets, build better malware, and boost speed, scale, and sophistication.
Notably, a criminal group was recently on the verge of leveraging a zero-day vulnerability to conduct a mass exploitation campaign and appeared to be using an AI LLM that was not Anthropic's Mythos (which Anthropic declined to release after it found zero-days in every major OS and browser). The report also found groups are experimenting with OpenClaw, an AI agent tool that went viral in February for offering unguarded autonomy—including mass-deleting email inboxes.
Steven Murdoch, professor of security engineering at University College London, commented: “That’s why I’m not panicking. In general we have reached a stage where the old way of discovering bugs is gone, and it will now all be LLM-assisted.”
Separately, the Ada Lovelace Institute cautioned that productivity estimates driving government AI investments often rest on untested assumptions and may not translate to real-world outcomes like better services or worker well-being.