
AI used to develop working zero-day exploit, researchers warn - Cybersecurity Dive

Source: Cybersecurity Dive. Archived May 13, 2026.



A report by GTIG shows threat groups are increasingly leveraging AI to scale attacks. The exploitation attempt was disclosed and patched, preventing a mass incident.

Published May 11, 2026
David Jones, Reporter

A threat actor was able to leverage AI to develop a working zero-day exploit, in what is believed to be the first such successful use of the technology, according to a report released Monday by Google Threat Intelligence Group (GTIG).

The effort was an attempt to launch a mass exploitation event, the report read, but ultimately was unsuccessful, as Google discovered it before the vulnerability was weaponized.

GTIG notified the developer of the exploit and a patch was issued to address the potential threat. Researchers do not believe that Mythos was used in the development process.

“AI can review the underlying logic, context, and flow of code at scale to discover vulnerabilities,” John Hultquist, chief analyst at GTIG, told Cybersecurity Dive via email. “It can also be used to build working exploits which are a significant hurdle.”

The incident highlights a growing trend by state-linked and financially motivated threat groups using AI to scale and accelerate hacking campaigns and exploit flaws in widely used applications. GTIG researchers caution they have seen several other attempts to use AI to develop exploits and expect there will be other operations employing a variety of models.

Threat groups affiliated with North Korea and China have shown significant interest in exploiting AI to discover vulnerabilities, according to the GTIG report.

For example, a North Korea-linked hacker tracked as APT45 has used AI to analyze a wide range of vulnerabilities using thousands of repetitive prompts and validate proof of concept exploits, the report stated.

In a recent case involving criminal actors, a group of hackers joined forces to plan a mass exploitation operation. A zero-day vulnerability was implemented in a Python script, which enabled the hacker to bypass two-factor authentication on a widely used open-source system administration tool, GTIG said.

Researchers worked with the vendor to disclose the vulnerability and disrupt the operation.

The report follows an attempt by an unknown hacker to breach a Mexican water utility using widely used AI tools, including Claude.