Google find first-ever evidence of AI-created zero-day exploit used by cyber criminals

Google researchers have uncovered the first known evidence of the most serious and dangerous category of security vulnerability being created by hackers using artificial intelligence. This landmark discovery signals a significant escalation in the threat posed by AI-assisted cybercrime.

The team from Google's Threat Intelligence Group (GTIG) reported on Monday that cyber criminals are actively misusing advanced AI models to develop what is known as a zero-day exploit — a flaw so deeply concealed that it remains entirely invisible even to experienced software engineers working within the affected systems.

A world first in AI-enabled cyber threats

"For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI," the researchers wrote in their report.

They added: "The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use."

The finding is considered particularly alarming because zero-day vulnerabilities, by their very nature, exist undetected — leaving no visible trace that would alert security teams to their presence until they are actively exploited.

State-linked hackers leading the charge

According to the researchers' findings, hackers with links to North Korea and China represent some of the most significant threats in this emerging landscape, actively exploiting AI capabilities to engineer zero-day cyber vulnerabilities at scale.

The report forms part of a broader and deeply concerning pattern of AI misuse at the hands of cyber criminals, which has contributed to a record-breaking surge in cyber attacks in 2026 alone.

A separate report found that AI bot-driven attacks have increased more than tenfold over the past year, climbing from two million to 25 million incidents across the globe.

Powerful AI models exploited for malicious ends

In the competitive technology landscape, major companies continue to develop increasingly capable AI models.

In March, Anthropic unveiled its Mythos model, which is reportedly capable of detecting unprecedented vulnerabilities not only in software but also within browsers.

However, researchers have warned that hackers are exploiting such powerful models for harmful purposes on a considerable scale.

"Threat actors now pursue anonymized, premium tier access to models through professionalized middleware and automated registration pipelines to illicitly bypass usage limits," the researchers cautioned.

The result of such exploitation, they warned, is that these models enable rogue actors to carry out large-scale service misuse "while subsidizing operations through trial abuse and programmatic account cycling."