Google Says Criminal Hackers Used AI to Find Zero-Day Vulnerability

Google has confirmed that criminal hackers used an AI system to identify and exploit a zero-day vulnerability in its software. According to a New York Times report, this marks the first documented case of attackers leveraging AI to autonomously discover a major security flaw. The breach was detected by Google's Threat Analysis Group (TAG) before significant damage occurred, but the incident signals a new phase in AI-powered cyberattacks.

How the Attack Worked
The hackers employed a custom AI agent to perform fuzzing and static analysis on Google's codebase, specifically targeting unpatched memory corruption bugs. The AI identified a use-after-free vulnerability in a widely deployed library, which was then weaponized into an exploit. Google declined to name the specific product but said it affects 'a significant number of users' and a patch is being rolled out.
Key technical aspects from the NYT piece:
- Attackers used a fine-tuned LLM combined with a binary analysis toolchain; they did not rely on publicly available AI models.
- The AI generated proof-of-concept payloads and iteratively refined them based on crash dumps.
- Google TAG intercepted the attack via anomaly detection in exploit delivery patterns, rather than through AI-generated signatures.
- The full investigation is ongoing, but Google attributes the operation to a state-sponsored group known for financial cybercrime.

Implications for Defenders
This event validates long-standing concerns that AI will lower the bar for zero-day discovery. Security teams should expect an increase in automated vulnerability hunting and adjust their patch cadence accordingly. Tools like Microsoft's Security Copilot and Google's own Gemini for security have focused on defensive use—but this shows the same techniques are now live in adversarial hands. It's no longer theoretical; AI-driven offensive security is here.