Google Detects First Zero-Day Exploit Created by Artificial Intelligence

The Google Threat Intelligence Group has published an alarming report confirming a grim milestone in cybersecurity history: the detection of the first "zero-day" exploit with clear evidence of being developed and weaponized by Artificial Intelligence. This discovery indicates that hackers’ use of large language models (LLMs) has moved from experimental to industrial scale.
The AI "DNA" in Malicious Code
Google researchers identified an attack script designed to bypass two-factor authentication (2FA) in a popular open-source tool. The attention-grabbing aspect wasn't just the effectiveness but the code’s structure: it featured extremely detailed and polished docstrings (documentation comments), typical of responses from LLMs like GPT-4 or Gemini.
Even more impressive was the presence of a technical "hallucination": the code included a fabricated CVSS score (CVSS is a system that measures the severity of vulnerabilities), something a human developer would rarely do, but a common mistake for generative AIs when attempting to categorize the exploit's danger.
China and North Korea Leading the Charge
The report details how nation-states are accelerating this arms race. China is training AI models with the wooyun-legacy dataset, which contains the history of more than 85,000 real vulnerabilities, enabling systems to automatically detect flaws in modern infrastructures.
Meanwhile, North Korea (APT45 group) has been spotted using massive recursive prompts to validate proof-of-concept (PoC) exploits. The emergence of PROMPTSPY, a new category of autonomous malware, was also highlighted: it's a virus using AI to interpret the victim’s system state in real time and generate dynamic attack commands, making detection by traditional antivirus software nearly impossible.
Big Sleep: Google's Counteroffensive
To combat the threat, Google revealed progress on Big Sleep (formerly known as Project Naptime). This defensive AI agent is designed to act as an autonomous security researcher, finding and suggesting fixes for critical vulnerabilities before they are discovered by malicious actors.
Google also announced CodeMender, a tool that helps developers instantly apply AI-suggested security patches. "We are in a speed race," the report states. "Defense must be as autonomous and intelligent as the attack if we are to maintain the integrity of the global internet."
This content was created and reviewed by our team (iatoskill.com). If you find any issues, please reach out to us.


