Google says it stopped a mass cyberattack after AI was used to discover a zero-day exploit

Google says it stopped a mass cyberattack after AI was used to discover a zero-day exploit Matthias Bastian View the LinkedIn Profile of Matthias Bastian May 12, 2026 A new report from Google's Threat Intelligence Group (GTIG) details how attackers are using AI at scale for cyberattacks. For the first time, GTIG identified a threat actor who reportedly used AI to discover and weaponize a zero-day vulnerability. Google says it stopped the planned mass attack. Comparison of vulnerability discovery tools: According to Google, frontier LLMs are especially effective as general-purpose tools, with capabilities that keep growing. | Source: Google Cloud Blog / GTIG State-backed actors from China and North Korea are also using AI to hunt for vulnerabilities. The report highlights the GitHub project "wooyun-legacy," a Claude plugin with over 85,000 real vulnerability cases from the Chinese platform WooYun, built to help AI models analyze code more effectively. Russia-linked groups are embedding AI-generated obfuscation code in malware: the Android malware PROMPTSPY, for example, uses the Gemini API to control devices autonomously. Criminal groups like "TeamPCP" are also targeting AI supply chains, going after popular open-source packages, Google says. Google has developed its own AI-based countermeasures, among them Big Sleep and CodeMender . The full report is available here . Ad DEC_D_Incontent-1 Ad AI News Without the Hype – Curated by Humans Subscribe to THE DECODER for ad-free reading, a weekly AI newsletter, our exclusive "AI Radar" frontier report six times a year, full archive access, and access to our comment section. Subscribe now Source: Google Cloud