Google Says Hackers Used AI to Create Novel Zero-Day Exploit

Security researchers at Alphabet Inc's Google have reported that a cybercrime group likely used artificial intelligence to create a hacking tool capable of bypassing defenses in a widely used system administration tool. The scheme, which was foiled after Google alerted the tool's developer, marks the first time Google's Threat Intelligence Group has caught a hacker using an AI-generated zero-day vulnerability, according to a report published Monday.

AI-Powered Zero-Day Discovery

Zero-day vulnerabilities are flaws unknown to the software developer, leaving no time for defenders to patch before they can be exploited. Google stated it has high confidence that AI was employed to help discover and weaponize the exploit. However, the company declined to name the cybercrime group, the affected software, or the specific large language model used in the attempted attack. A spokesperson confirmed that researchers do not believe the exploit was created using Anthropic PBC's Mythos or Google's own model, Gemini.

Timeline and Response

Google would not specify when the exploit was discovered, describing it only as recent. In April, Anthropic announced it would not widely release its new model, Mythos, citing the national security risk posed by its use of AI to exploit software flaws. Since then, the White House has taken steps to address potential malicious use of large language models, including holding emergency meetings with technology and industry leaders.

Google researchers said their findings suggest such threats are already a reality. The hacking group used an AI model to find a previously unknown flaw in the tool. The flaw could be used to bypass multi-factor authentication (a security protection often added alongside passwords) and gain access to the internal networks of organizations using the software. Google alerted the tool's developer, who fixed the issue before hackers could deploy it against users.

Implications for System Administration Tools

Businesses rely on web-based system administration tools to configure and manage servers, websites, and applications remotely. These tools also manage security settings, employee accounts, and permissions for accessing systems and data. The incident underscores the growing threat of AI-enabled cyberattacks and the need for proactive defense measures.
