Google uncovers first known zero-day exploit created with the help of AI

At a glance:

• Google's Threat Intelligence Group (GTIG) has identified the first-ever zero-day exploit it believes was developed with the assistance of an AI model.
• The threat actor was planning a "mass exploitation event" against an unnamed company, which Google says was notified and subsequently patched the vulnerability.
• Google said it does not believe its own Gemini models were used, but expressed "high confidence" that an AI model played a role in discovering the vulnerability and weaponizing the exploit.

What Google found

Google's Threat Intelligence Group (GTIG) has reported what it calls a landmark discovery in cybersecurity: a zero-day exploit that the group believes was created with the help of an artificial intelligence model. Zero-day vulnerabilities are among the most dangerous class of security flaws precisely because they are previously unknown to the software vendor or target, leaving victims with zero days of lead time to prepare a defense. In this case, GTIG determined that the threat actor intended to use the exploit in a planned "mass exploitation event," though Google's proactive intervention "may have prevented its use." The company did not identify the specific product or service that contained the vulnerability, nor did it disclose the name of the targeted organization, but it confirmed that the unnamed company was notified and applied a patch.

The role of AI in the exploit

While Google stopped short of naming the AI model that may have been involved, the company stated it has "high confidence" that an artificial intelligence system contributed to both discovering the vulnerability and developing a working exploit. Notably, Google said it does not believe any of its own Gemini models were used in the process — a distinction that leaves open the question of which model or family of models may have played a part. The report also pointed to a broader pattern: threat actors associated with China and North Korea have shown "significant interest" in leveraging AI capabilities for discovering and exploiting security vulnerabilities, suggesting that state-linked groups may be among the earliest adopters of AI-assisted offensive tooling.

Expert reaction and broader implications

John Hultquist, chief analyst at Google's GTIG, characterized the finding in stark terms during an interview with The New York Times. He called the incident "a taste of what's to come" and "the tip of the iceberg," describing it as the first piece of "tangible evidence" that AI-generated exploits are moving from theoretical risk to operational reality. Hultquist's assessment underscores a growing concern across the security community: as large language models become more capable at reasoning about code and system internals, the barrier to crafting sophisticated zero-day exploits could drop significantly, widening the pool of actors capable of high-impact attacks.

AI as a defensive tool

Google was careful to note that AI is not solely an offensive weapon. In the same report, the company emphasized that "AI can also be a powerful tool for defenders," pointing to ongoing efforts across the industry to use machine learning models for vulnerability discovery, threat detection, and incident response. This dual-use framing is increasingly common in cybersecurity discourse — the same capabilities that allow an AI model to reason about how to break software can, in principle, be harnessed to find and fix flaws before attackers exploit them.

Anthropic's Project Glasswing

Last month, Anthropic announced Project Glasswing, an initiative aimed at using its Claude Mythos Preview model specifically to discover and defend against "high-severity vulnerabilities." The project represents one of the first major efforts by a frontier AI lab to formally task a leading model with offensive security research in a controlled, defensive context. By positioning Claude Mythos Preview as a vulnerability-hunting tool, Anthropic is signaling that the industry's leading labs recognize both the risk and the opportunity presented by AI-assisted security work — and are moving to shape how the technology is applied before malicious actors outpace defenders.

What to watch next

The Google GTIG report is likely to accelerate investment in AI-powered defensive security tooling while also intensifying debates around responsible disclosure and the governance of AI capabilities in offensive contexts. Key questions remain unanswered: which specific model family was used to develop the exploit, whether additional AI-assisted zero-days are already in the wild, and how quickly defensive programs like Anthropic's Project Glasswing can scale to match the pace of AI-driven threats. For now, the consensus among analysts is clear — this first documented case is unlikely to be the last.