Google has reported that it prevented a cyberattack that relied on a zero-day vulnerability discovered using AI techniques. The Google Threat Intelligence Group made this information public, although it did not provide many details. The vulnerability was found in a Python script that could have allowed users to bypass the two-factor authentication of a widely used open-source web-based system administration tool.
The details of the vulnerability were disclosed to the affected vendor as part of a responsible disclosure process, and the associated activities were halted. Google believes that the vulnerability was not discovered using its own AI model, Gemini. The security team has no direct evidence that the vulnerability was found with AI assistance, but infers this from certain indications.
The malicious code contained numerous informative details, a fictitious CVSS score, and a structured, textbook-like Python format typical of training data for generative language models. This type of vulnerability is difficult to detect with conventional tools, while AI models are particularly effective at identifying such weaknesses.
Google's announcement suggests that a new wave of AI-driven cyberattacks may have begun. Warnings about this have been circulating for weeks, and it remains unclear how long the threat could persist. The AI model Claude Mythos Preview, considered particularly powerful at finding vulnerabilities, has not been publicly released and is made available only to select companies to enhance IT security.



