Google's Threat Intelligence Group discovered cybercriminals successfully created a working zero-day exploit using AI assistance. The Python-based attack bypassed two-factor authentication in a popular web administration tool, showing clear signs of AI generation including educational code comments and textbook structure.
State-sponsored groups from China and North Korea are systematically using AI to find vulnerabilities at scale. Most alarming is PROMPTSPY, an Android backdoor that integrates Google's Gemini API to autonomously navigate victim devices through AI-generated commands.
Russian hackers deployed AI-enabled malware with LLM-generated decoy code to fool security analyzers. Criminal groups are building sophisticated systems to bypass AI safety measures and exploit stolen credentials through ransomware partnerships.
Google responded by disabling malicious accounts and deploying defensive AI agents to identify and patch vulnerabilities automatically.
Source: Cybersecurity News