Google confirms criminal hackers used AI to discover serious software flaw
What was once considered a hypothetical scenario, almost science fiction within cybersecurity, just became reality. For years, researchers debated whether artificial intelligence models could go beyond creative and analytical tasks to act as offensive tools in digital attacks. The answer arrived in a surprisingly concrete way, without warning and with all the evidence documented by one of the largest security teams on the planet.
In a report released this Monday, Google revealed that a criminal group used artificial intelligence to identify an unknown flaw in a widely used open-source web administration tool. The process did not involve manual trial and error, nor weeks of human analysis poring over lines of code. It was an AI model operating systematically, scanning possibilities and identifying entry points that would have gone unnoticed by any conventional analyst working within a normal timeframe.
It was not a coincidence, it was not luck — it was artificial intelligence actively working to find gaps that humans might have taken months to discover. And the detail that stands out the most: this is the first confirmed case in which the exploitation of a zero-day vulnerability was primarily conducted with the help of an AI model. For digital security experts, this moment carries enormous weight. It is not just another incident in the long history of cyberattacks around the world. It is a turning point — the kind of event that splits the timeline into before and after.
As John Hultquist, chief analyst at the Google Threat Intelligence Group, put it quite bluntly: this is just the tip of the iceberg.
What exactly happened in this attack
According to the report published by Google, the zero-day vulnerability was detected by the Google Threat Intelligence Group in recent months. The hacker group — identified by Google only as prominent cybercrime actors — exploited the flaw through a script written in the Python programming language. The flaw would have allowed the attackers to bypass two-factor authentication on a widely used, open-source, web-based system administration tool.
However, for the attack to succeed, the hackers would also need access to valid credentials, such as usernames and passwords. In other words, the vulnerability served as an additional layer of exploitation, not a completely autonomous entry point. Still, the potential for damage was significant, considering that web administration tools typically have privileged access to entire systems.
Google chose not to reveal which administration tool was affected, but reported that it notified the software developer quickly enough for a fix to be applied before the attack caused any real damage. The company also did not publicly identify the responsible hacker group or reveal which AI platform was used, but made a point of stating that it does not believe its own Gemini chatbot was involved.
What truly makes this case unique is how Google reached the conclusion that AI was involved. The report states with a high degree of confidence that the malicious actor likely used an AI model to support both the discovery and the weaponization of the vulnerability. Among the clues that led to this conclusion were unusual elements in the code, such as overly detailed explanatory text and other oddities that a human programmer would have no reason to include. These are traces that Rob Joyce, former cybersecurity director at the National Security Agency, described as the closest thing to a fingerprint at the crime scene.
Joyce, who reviewed the findings before publication, emphasized that it is normally difficult to distinguish whether code was written by a human or a machine, since AI-generated code does not announce itself. But in this specific case, the evidence presented by Google was considered quite convincing.
The broader context: AI as a cyber weapon
This incident does not exist in a vacuum. It connects to a series of recent events that are reshaping the landscape of global cybersecurity.
Late last year, Anthropic revealed that hackers sponsored by the Chinese government used its technology in an attempt to infiltrate computer systems at approximately 30 companies and government agencies around the world. That episode marked the first reported case of a cyberattack in which AI collected sensitive information with limited human involvement. Now, with the case revealed by Google, the scenario advances one more step — from passive intelligence gathering to the active discovery of vulnerabilities.
There is also the case of Mythos, Anthropic’s AI model announced in April of this year, which raised concerns to unprecedented levels. According to Anthropic, Mythos identified thousands of zero-day vulnerabilities across all major operating systems and all major web browsers, including many flaws that had existed for decades without being detected. The destructive potential of this capability was so alarming that Anthropic chose to share the model only with a limited number of companies and government agencies in the United States and the United Kingdom.
These events, combined, are pressuring governments and the tech industry to urgently reassess how — and whether — they should police the most advanced versions of AI. The Trump administration in the United States has been reviewing proposals that include a formal government review process for new models before they are made available to the public, as reported by The New York Times. The idea of controlled releases of the latest models, allowing experts to identify and fix issues before they fall into the wrong hands, is gaining increasing traction in the international debate. 🔐
Why this changes everything in cybersecurity
Cybersecurity has always been a two-sided contest: on one side, researchers and companies trying to find and fix flaws before someone exploits them; on the other, malicious groups trying to discover those same flaws before they get patched. This precarious balance was built over decades based on a silent assumption — that both attackers and defenders were operating with more or less equivalent human resources.
With AI entering this equation, that assumption collapses. The digital battlefield now has an asymmetry we do not yet know how to balance.
To put it in perspective, zero-day vulnerabilities were considered so rare and powerful that they could be worth millions of dollars on the underground markets used to trade hacking tools. Finding one required months of specialized work, highly skilled teams, and a fair amount of luck. Now, with AI models capable of analyzing millions of lines of code in a fraction of the time any human team would need, the scarcity of these vulnerabilities may cease to exist — and with it, the entire security model that depended on that rarity.
And the most concerning part: this type of technology is not restricted to governments or large criminal organizations. With the advancement and democratization of artificial intelligence, it is only a matter of time before smaller groups also gain access to similar capabilities, making the threat landscape even more fragmented and unpredictable.
On the defensive side, the most logical response would be to use the same technology to strengthen security — and that is already happening in labs around the world. But there is a structural problem in this race: while attackers only need to find one gap to succeed, defenders need to close all of them. The asymmetry is not just technological, it is also strategic. Cybersecurity teams now need to think not only about how to protect systems, but about how to anticipate what an adversarial AI would be capable of finding before they do.
The evidence linking the attack to artificial intelligence
One of the most fascinating aspects of this case is the forensic methodology Google employed to attribute the attack to AI. As Rob Joyce pointed out, AI-generated code does not carry a stamp or signature saying it was made by a machine. So how did Google reach that conclusion?
The report points to anomalies in the code that would be highly unusual in human work. Excessively detailed explanatory comments, formatting patterns that make no sense from an experienced developer’s perspective, and certain structural choices that carry the hallmark of generative language models — all of this created a picture that, according to Joyce, is the closest we have ever come to a fingerprint at the crime scene when it comes to AI-generated code.
Hultquist confirmed that Google possesses additional indicators supporting the conclusion but chose not to disclose them publicly. This stance makes strategic sense: revealing all detection techniques would allow future attackers to adjust their methods to avoid identification, turning transparency into a tactical disadvantage.
This question of attribution — knowing who is behind an attack and what tools were used — is one of the biggest challenges in modern cybersecurity. With AI entering the equation on both the offensive and defensive sides, this challenge becomes exponentially more complex.
The other side of the coin: AI as a defense ally
Despite the concerning scenario, it is not all bad news. Some experts believe that, in the long run, artificial intelligence will strengthen cybersecurity in significant ways. The logic is relatively straightforward: if AI can find vulnerabilities with unprecedented efficiency, it can also help write flawless code from the start.
Hultquist himself expressed this view with cautious optimism. According to him, the most advanced AI models will make it possible to build the most secure code humanity has ever produced. That would represent an absolute win for cybersecurity.
But — and here is the problem — that future is still far off. The immediate challenge is dealing with all the code that already exists in the world, written by imperfect human hands over decades. There are billions of lines in systems that support critical infrastructure, financial platforms, communication networks, and much more. Rewriting everything from scratch is not feasible. Auditing everything with AI will take time. And meanwhile, the attackers are not going to wait.
The digital arms race has gained a new chapter, and it is being written in real time. On one side, defense teams trying to use AI to scan and fix vulnerabilities at scale. On the other, criminal groups and even governments using the same technology to find those vulnerabilities first. Whoever gets there first determines the outcome. 🤖
What lies ahead in the AI threat landscape
John Hultquist, when commenting on the case publicly, was categorical in saying that this is only the beginning. The expression "tip of the iceberg" is not rhetoric — it reflects a very concrete technical concern. If one group has already managed to use AI to discover and exploit a zero-day in a widely used tool, what stops other groups from doing the same with even more critical systems?
Energy infrastructure, hospital networks, financial systems, and government communications are all potential targets, and all of them depend on software with the potential to contain vulnerabilities still unknown. The scale of the problem is hard to overstate.
The cybersecurity community is digesting this event with a mix of urgency and clarity. Many experts are already pointing out that the coming months will be decisive in defining how governments, tech companies, and security teams respond to this new paradigm. Some countries are already discussing specific regulations for the use of AI in offensive security contexts, while organizations like Google, Microsoft, and various independent research groups are accelerating the development of AI-based defensive tools.
Google’s discovery also strengthens the arguments in favor of controlled releases of the most advanced AI models. The idea is that, before a new model is made widely available, security experts should have the opportunity to evaluate its offensive capabilities and develop countermeasures. Anthropic’s Mythos model already followed this path by being shared only with selected entities. The question now is whether this approach will be adopted more broadly by the industry — or whether competitive market pressure will push companies to release increasingly powerful models without proper safeguards.
For anyone following the world of technology and artificial intelligence, this event serves as a powerful reminder that advances in AI carry with them both incredible possibilities and real risks that need to be taken seriously. The same type of model that helps doctors diagnose diseases, that accelerates scientific research, and that improves digital products around the world can also be aimed at finding gaps in critical systems with an efficiency no human being can replicate.
Understanding this duality is not pessimism — it is the first step toward building a more secure digital future that is aware of the challenges ahead.
