Hackers are beginning to use artificial intelligence not just to automate scams or phishing emails, but to help create entirely new cyberattack tools including previously unknown software vulnerabilities, according to researchers at Google.
The discovery, reported Monday by Bloomberg, centers on what cybersecurity experts describe as a “zero-day” attack a flaw unknown to software developers at the time it is exploited, leaving systems exposed without immediate protection.
Researchers from Google’s security team said the attackers appeared to rely on AI systems to assist in identifying weaknesses and developing exploit code faster than traditional hacking methods would normally allow. Details about the specific targets were limited, and it was not immediately clear how widely the attack had spread.
A researcher familiar with the investigation told Bloomberg that AI tools were used to “accelerate parts of the vulnerability discovery process,” allowing hackers to move from analysis to active exploitation more quickly than seen in earlier incidents.
Zero-day vulnerabilities are considered among the most dangerous threats in cybersecurity because companies have no warning before they are used. Google’s Project Zero team a group created specifically to uncover undisclosed software flaws has long tracked such attacks across major technology platforms.
Security analysts say the development reflects a broader shift already feared within the industry.
“AI lowers the barrier to entry,” one cybersecurity analyst said, noting that tools capable of analyzing large codebases can now be adapted for malicious purposes. “What used to require elite expertise may soon become accessible to smaller threat groups.”
Communication surrounding the incident remained limited, and Google did not publicly release technical details that could allow others to replicate the attack. Researchers often delay disclosure while affected companies work on security patches.
Accounts differ among experts on how advanced the AI involvement actually was. Some researchers caution that artificial intelligence likely assisted human hackers rather than acting independently.
“It’s not AI hacking by itself,” another analyst said. “Humans are still directing the operation but AI is speeding up decision making.”
Cybersecurity specialists have warned for several years that generative AI could reshape digital warfare, both for defenders and attackers. Governments and technology firms have increasingly invested in AI driven defense systems designed to detect anomalies and block attacks in real time.
Still, incidents involving AI assisted vulnerability discovery remain relatively rare in publicly documented cases, raising fresh concern about how quickly the threat landscape could evolve.
For now, researchers say many questions remain unanswered including whether similar AI supported attacks are already occurring without detection, and how prepared software companies are for a future where machines help find weaknesses faster than humans can fix them.
