Hackers Use AI to Find and Exploit Zero-Day Software Flaw, Google Reports

Google's Threat Intelligence Group has confirmed the first known instance of criminal hackers using an AI model to discover and exploit a zero-day software vulnerability. The attackers used the flaw to attempt a widespread attack that bypassed two-factor authentication.

Google researchers said they have high confidence that AI played a direct role in both identifying the vulnerability and weaponizing it. The disclosure, reported by Bloomberg and confirmed by Google on May 13, 2026, marks a significant escalation in the use of AI for offensive cyber operations.

Zero-day vulnerabilities are software flaws that are unknown to the vendor and have no available patch. Discovering them has historically required significant technical skill and resources, limiting such attacks mainly to nation-states and highly sophisticated criminal groups. AI tools are now lowering that barrier.

Google stated that AI-powered hacking has escalated into an industrial-scale threat within three months. Criminal groups and state-linked actors from China, North Korea, and Russia are reportedly using commercial AI models, including Gemini, Claude, and OpenAI tools, to refine and scale up attacks.

The incident has major implications for cybersecurity infrastructure and AI model safeguards. Security researchers say platforms need to move faster on defensive innovation and implement stricter controls on how AI tools can be used for offensive operations.

In response, OpenAI launched "Daybreak," a security-focused AI tool integrating GPT-5.5-Cyber and Codex Security to help organizations detect and patch vulnerabilities faster.

Cybersecurity experts recommend that organizations prioritize patching known vulnerabilities, implement multi-layered authentication, and monitor for unusual network activity.