
Hackers Leverage AI to Develop Zero-Day Vulnerability


“There’s a misconception that the AI vulnerability race is imminent. The reality is that it’s already begun.” John Hultquist, chief analyst at Google Threat Intelligence Group, delivered that warning after the discovery of what GTIG calls the first observed case of cybercriminals using AI to identify and weaponize a zero-day vulnerability.

Google Threat Intelligence Group findings

Published on May 11, the GTIG AI Threat Tracker report describes a coordinated operation in which “prominent” cybercrime threat actors planned a mass exploitation campaign. According to the report, an AI model was likely used both to identify a zero-day and to produce weaponized exploit code that would bypass two‑factor authentication protections on a popular open‑source, web‑based system administration tool.

GTIG said this is the first evidence it has seen of a threat actor successfully using AI to support discovery and weaponization of a zero‑day. GTIG worked with the vendor for the affected system administration tool to close the vulnerability and to disrupt the campaign before the exploit could be deployed.

The AI‑crafted exploit: technical signals in the code

GTIG’s analysis found multiple signals that the exploit code, implemented in Python, was generated or assisted by an AI model. The script contained highly structured educational docstrings and a Pythonic format consistent with the type of training data used by large language models (LLMs). The code also included a hallucinated CVSS score — an implausible or fabricated metric that GTIG cited as another indicator the script was produced by an AI rather than hand‑written by a human developer.

GTIG also noted that neither Google's Gemini model nor Anthropic Mythos was used by the attacker.

Target and response: the system administration tool and vendor collaboration

The zero‑day targeted a widely used open‑source, web‑based system administration tool. GTIG coordinated with the tool’s vendor to close the vulnerability and to interrupt the planned mass‑exploitation operation. Because the campaign was disrupted prior to deployment, the immediate risk to users of that specific tool was reduced; GTIG’s statement framed the event as a successful defense in this instance.

State actors and cybercriminals using AI

The report lays out that both nation‑state and criminal threat actors are incorporating AI into operations. GTIG said the People’s Republic of China (PRC) and the Democratic People's Republic of Korea (DPRK) have shown “significant interest” in applying AI to find vulnerabilities. Criminal groups, meanwhile, are deploying AI to assist in malware development and to build operational support tools that can evade detection by traditional anti‑virus or defensive controls.

GTIG added that, despite high‑profile examples of advanced uses, the most common role for LLMs among attackers mirrors civilian usage: research, troubleshooting and automating intelligence‑gathering tasks. “Threat actors are using AI to boost the speed, scale, and sophistication of their attacks. It enables them to test their operations, persist against targets, build better malware, and make many other improvements,” Hultquist said. He also warned that criminal groups remain a serious concern given “their history of broad, aggressive attacks.”

What this means for technologists, open‑source maintainers, and adversaries

  • Technologists and security teams: GTIG’s report signals a need to watch for AI fingerprints in exploit code — structured docstrings, stylistic traces of LLM training data and odd artifacts such as fabricated CVSS scores — and to incorporate those indicators into threat hunts and code review processes.
  • Open‑source maintainers and vendors: the incident illustrates the value of swift vendor‑researcher coordination; GTIG’s collaboration with the tool’s vendor both closed the vulnerability and prevented a campaign from reaching users. Maintainers will need processes to accept, test and remediate disclosures rapidly when AI‑driven discovery is involved.
  • Nation‑states and cybercriminal groups: the report documents active interest from PRC and DPRK actors in AI‑driven vulnerability discovery and highlights that criminal groups are already using AI to improve malware and operational tooling — increasing the tempo and scale of potential attacks.
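As an added example (this is not code from the GTIG report, from Google, or from the affected vendor), here is a small Python triage scanner that applies the fingerprints listed above to a source file. It counts functions whose docstrings use structured sections such as `Args:`/`Returns:`, flags any "CVSS score" outside the valid 0.0–10.0 range, and checks CVSS v3.x vector strings against the base-metric values the specification allows. The sample script it scans is constructed for the demonstration; the thresholds and section keywords are assumptions, not figures from the report.

```python
"""Heuristic scan of Python source for stylistic "AI fingerprints" (added example)."""
from __future__ import annotations

import ast
import re
from dataclasses import dataclass, field

# Docstring section headers in the Google style that LLM-generated code tends to reproduce
# on every function. Assumed keyword list; tune to your own code base's conventions.
STRUCTURED_SECTIONS = ("Args:", "Arguments:", "Returns:", "Raises:", "Example:", "Examples:", "Note:")

# CVSS v3.x base metrics and the values each may take (per the CVSS v3.1 specification).
CVSS3_BASE = {
    "AV": {"N", "A", "L", "P"}, "AC": {"L", "H"}, "PR": {"N", "L", "H"}, "UI": {"N", "R"},
    "S": {"U", "C"}, "C": {"N", "L", "H"}, "I": {"N", "L", "H"}, "A": {"N", "L", "H"},
}

# "CVSS ... score ... 9.8" on a single line; the number is captured.
SCORE_RE = re.compile(r"CVSS[^\n]{0,30}?score[^0-9\n]{0,10}?(\d{1,2}(?:\.\d+)?)", re.IGNORECASE)
# A CVSS:3.0 / CVSS:3.1 vector string.
VECTOR_RE = re.compile(r"CVSS:3\.[01]/[A-Z]+:[A-Z](?:/[A-Z]+:[A-Z])*")


@dataclass
class ScanResult:
    functions: int = 0
    documented: int = 0
    structured_docstrings: int = 0
    implausible_scores: list[str] = field(default_factory=list)
    bad_vectors: list[str] = field(default_factory=list)


def check_cvss_vector(vector: str) -> list[str]:
    """Return problems found in a CVSS:3.x vector (empty list means it is plausible)."""
    problems: list[str] = []
    seen: dict[str, str] = {}
    for part in vector.split("/")[1:]:  # drop the "CVSS:3.x" prefix
        metric, _, value = part.partition(":")
        seen[metric] = value
        allowed = CVSS3_BASE.get(metric)  # temporal/environmental metrics are not validated
        if allowed is not None and value not in allowed:
            problems.append(f"{metric}:{value} is not a valid value")
    for metric in CVSS3_BASE:
        if metric not in seen:
            problems.append(f"missing base metric {metric}")
    return problems


def scan_source(source: str) -> ScanResult:
    """Parse Python source and collect docstring and CVSS signals."""
    result = ScanResult()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            result.functions += 1
            doc = ast.get_docstring(node)
            if doc:
                result.documented += 1
                if any(section in doc for section in STRUCTURED_SECTIONS):
                    result.structured_docstrings += 1
    for m in SCORE_RE.finditer(source):
        if not 0.0 <= float(m.group(1)) <= 10.0:
            result.implausible_scores.append(m.group(1))
    for m in VECTOR_RE.finditer(source):
        problems = check_cvss_vector(m.group(0))
        if problems:
            result.bad_vectors.append(f"{m.group(0)}: {'; '.join(problems)}")
    return result


def summarize(result: ScanResult) -> list[str]:
    """Turn raw counts into human-readable triage findings."""
    findings: list[str] = []
    if result.functions and result.structured_docstrings / result.functions >= 0.5:  # assumed threshold
        findings.append("structured docstrings on most functions")
    findings += [f"implausible CVSS score {s}" for s in result.implausible_scores]
    findings += [f"malformed CVSS vector {v}" for v in result.bad_vectors]
    return findings


# Constructed sample: a harmless version-check stub carrying the kinds of artifacts described above.
SAMPLE = '''\
"""Version checker for a hypothetical web admin tool (constructed sample).

CVSS Score: 11.4 (Critical)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:X
"""


def fetch_banner(host: str) -> str:
    """Fetch the version banner from the host.

    Args:
        host: Hostname to query.

    Returns:
        The raw banner text.
    """
    return "v1.0"


def parse_version(banner: str) -> str:
    """Extract the version number from a banner.

    Args:
        banner: Raw banner text.

    Returns:
        The version string.
    """
    return banner.lstrip("v")
'''

if __name__ == "__main__":
    for finding in summarize(scan_source(SAMPLE)):
        print(finding)
```

These are weak, stylistic signals: a careful human author produces the same docstrings, and a valid CVSS score proves nothing about provenance. Use the output to prioritise human review of suspicious code during triage or code review, not as a verdict.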

GTIG’s disclosure closes one chapter: a disruption of a campaign that had already produced code bearing AI fingerprints. But the report’s bluntest line — “for every zero‑day we can trace back to AI, there are probably many more out there” — leaves the record with a clear implication: defenders will need to adapt to not only faster, AI‑assisted offensive workflows, but also to new, subtle signals that AI leaves in exploit code.
