A new warning from Google is reshaping how cyber risk is understood: artificial intelligence is no longer only helping defenders analyze threats, but is also being used to speed up offensive operations. The company says AI has now been employed to support zero-day exploitation and to prepare mass attacks at scale.
Google Threat Intelligence Group has identified signs of a global internet attack plan built around AI-developed exploits. That matters because zero-day flaws are especially dangerous before they are publicly known, leaving victims exposed with little or no warning.
AI is moving from support tool to attack accelerator
Google says the pattern it observed shows a major shift in cybercrime. AI is no longer limited to assisting technical analysis, and is now being used earlier in the attack chain to search for weak points and help write code that can be deployed offensively.
The company believes another AI model, not Gemini, played a critical role in the process. According to Google, that model helped from the earliest stages of the operation, including finding vulnerabilities and preparing attack code.
The attack was stopped before it could spread
Google said its security teams detected the threat before the mass attack plan moved much further. Early intervention is considered crucial because it likely prevented serious damage that could have affected thousands of users.
The targeted company has not been named. Google said that decision was made to protect ongoing remediation work, but confirmed that the affected organization had been notified and quickly applied patches to close the security gap.
State-linked interest is also emerging
Google also pointed to signs that hackers linked to specific governments are paying close attention to AI. Groups associated with China and North Korea are described as showing strong interest in using the technology to break into global systems.
That interest adds another layer to the risk, since AI can help attackers move faster, automate more steps, and scale their operations beyond what manual methods allow. The result is a more efficient attack process that is harder to spot with conventional defenses.
Defenders are racing to keep up
Despite the warning, Google stressed that AI remains a key tool for cybersecurity defense. Technology companies are increasingly developing internal AI systems to detect intrusions before attackers can advance further.
The competitive pressure is already visible. Anthropic has launched Project Glasswing with Claude Mythos Preview to hunt for high-level vulnerabilities, showing how defense teams are also turning to advanced models to stay ahead.
John Hultquist, chief analyst at GTIG, said the incident is only the beginning. He described it as the tip of the iceberg and said it is the first clear evidence that AI has shifted from a productivity tool into a weapon for malicious actors.
Hultquist added that the rapid growth of AI models will likely make misuse more common. He warned that cybersecurity teams should prepare for attacks that are more automated, faster, and more difficult to detect using traditional methods.
For now, the message from Google is blunt: the age of AI-assisted cyberattacks has already started, and the balance between attack and defense will increasingly depend on which side can use the technology more effectively.
Source: id.mashable.com