Google: the first zero-day exploits built with AI

Google says it has found the first evidence of cybercriminals using artificial intelligence to create a zero-day vulnerability. The company reported its findings to the unnamed company affected by the vulnerability before publishing its report. The unnamed company then issued an update to fix the problem.

Researchers from Google's Threat Intelligence Group detailed what happened in a report published Monday. Zero-day exploits are considered the most serious type of security flaw because they go undetected by security firms and have no known fixes.

The report says this was the first time Google found evidence of the use of AI in the development of these vulnerabilities – marking a significant shift in the cybersecurity landscape, as it suggests that newer AI models could be used to create significant exploits, rather than simply finding them.

Google concluded that Anthropic's Claude Mythos model – which has already found thousands of vulnerabilities in every major operating system and web browser – was likely not used to create the zero-day exploit.

The Google Threat Intelligence Group report also details efforts by Russian-linked hacking groups to use artificial intelligence models to target Ukrainian networks with malware, while the North Korean hacking group APT45 used artificial intelligence technologies to improve and scale its cyber methods.

John Hultquist, lead analyst at Google's Threat Intelligence Group, said the findings made it clear that the race to use artificial intelligence to find network vulnerabilities has "already begun."

“For every zero-day we can detect with AI, there are probably many more out there,” Hultquist said. “Malware users are using AI to increase the speed, scale and complexity of their attacks.”

