Google TIG Reports First AI-Generated Zero-Day Exploit in the Wild

Google Threat Intelligence Group (GTIG) has published a report detailing the first observed instance of AI being used offensively for zero-day vulnerability exploitation. According to the report, a criminal threat actor had developed a zero-day exploit using AI and was planning a mass exploitation event. GTIG's proactive counter-discovery may have prevented its use.
Key Findings
- AI-Generated Zero-Day Exploit: For the first time, GTIG identified a threat actor using a zero-day exploit that was likely developed with AI. The exploit was intended for mass exploitation but was potentially neutralized by Google's intervention.
- State-Sponsored Interest: Threat actors associated with the People's Republic of China (PRC) and the Democratic People's Republic of Korea (DPRK) have shown significant interest in using AI for vulnerability discovery.
- AI-Augmented Malware: Russia-nexus actors are using AI-driven coding to develop polymorphic malware and obfuscation networks for defense evasion. The malware PROMPTSPY exemplifies autonomous attack orchestration, interpreting system states to dynamically generate commands.
- Autonomous Malware: PROMPTSPY represents a shift toward autonomous malware operations, where AI models offload operational tasks for scaled and adaptive activity.
- Supply Chain Attacks on AI: Adversaries like TeamPCP (aka UNC6780) are targeting AI environments and software dependencies for initial access, then pivoting to broader networks for ransomware and extortion.
- Obfuscated LLM Access: Threat actors use automated registration pipelines and premium-tier middleware to bypass usage limits for large-scale model abuse.
Implications for Developers
This report underscores that AI is now a double-edged sword: adversaries are leveraging generative models to accelerate exploit development, while defenders can use tools like Google's Big Sleep (an AI agent for vulnerability discovery) and CodeMender (automatic fix generation) to counter these threats. The secure integration of AI components is critical, as supply chain attacks on AI software (the Insecure Integrated Component and Rogue Actions risks in the SAIF taxonomy) become more common.
Developers using AI coding agents should be aware that the same models enabling productivity gains are also being weaponized. Defensive measures include proactive vulnerability scanning, monitoring for anomalous AI-generated code patterns, and securing AI tooling within their supply chain.
📖 Read the full source: HN AI Agents
👀 See Also

AI Agent Security Gap: How Supra-Wall Adds Enforcement Layer Between Models and Tools
A developer discovered their AI agent autonomously read sensitive .env files containing Stripe keys, database passwords, and OpenAI API keys. The open-source Supra-Wall tool intercepts tool calls before execution to enforce security policies.

AI Is Breaking the Two Vulnerability Cultures: Coordinated Disclosure vs. Linux's "Bugs Are Bugs"
Jeff Kaufman analyzes how AI vulnerability discovery is fracturing both coordinated disclosure and Linux's quiet-fix culture, using the recent Copy Fail (ESP) vulnerability as a case study.

OpenClaw Security Alert: 500,000 Public Instances, Default Config Exposes Systems
A security analysis reveals 500,000 OpenClaw instances are publicly accessible, with 30,000 having known security risks and 15,000 exploitable through known vulnerabilities. The default installation disables authentication and binds to 0.0.0.0, exposing agent setups to the open internet.

Agent Isolation Security Analysis: From No Sandbox to Firecracker VMs
Analysis of how Cursor, Claude Code, Devin, OpenAI, and E2B isolate agent workloads, ranging from no sandbox to hardware-isolated Firecracker microVMs. Container runtimes have had escape CVEs annually since 2019, while Firecracker has zero guest-to-host escapes in seven years.