Google Reports First Known Case of Criminal Hackers Using AI to Build a Zero-Day Exploit
Google's Threat Intelligence Group reported in May 2026 the first known instance of criminal hackers using an AI model to discover and weaponize a zero-day vulnerability. The finding raises new concerns about the pace of AI-assisted cyberattacks. Security researchers say the development could force faster defensive innovation across the industry.
Google's Threat Intelligence Group reported in May 2026 the first known case of criminal hackers using an artificial intelligence model to discover and weaponize a zero-day vulnerability.
Zero-day vulnerabilities are software flaws that are unknown to the vendor and have no available patch. They are among the most valuable tools in a hacker's arsenal. Historically, finding and exploiting them has required significant technical skill and time.
The Google report found that criminal actors, not just nation-state hackers, used an AI model to identify a previously unknown flaw and build a working exploit. The specific vulnerability and the AI model used were not publicly disclosed in the initial report.
Security researchers say the development marks a significant shift. AI tools have been used in cybersecurity research for years, but their use by criminal groups to automate the discovery of zero-day flaws is a new and concerning development.
The finding was reported alongside news that OpenAI launched a security-focused AI tool called Daybreak, which integrates GPT-5.5-Cyber and Codex Security to help organizations detect and patch vulnerabilities faster. Anthropic's upcoming AI model, Mythos, has already helped Mozilla identify high-severity bugs in Firefox.
A Pentagon cyber official stated that advanced AI models could "fundamentally change warfare," particularly in cyber operations. The White House has emphasized that identity security is critical as AI becomes embedded in federal systems.
The Foxconn ransomware attack, carried out by the Nitrogen group in May 2026, claimed to have stolen over 11 million files from the company's North American factories, including confidential customer schematics. The attack highlighted vulnerabilities in electronics manufacturing supply chains.
Security experts are calling on organizations to accelerate patching cycles, invest in AI-powered defenses, and conduct regular vulnerability assessments. The window between a vulnerability's discovery and its exploitation is shrinking as AI tools make the process faster for attackers.
