"Google says it likely prevented a cyberattack in which hackers used AI to develop a zero-day vulnerability. According to the Google Threat Intelligence Group, the incident demonstrates how generative AI is increasingly shifting from a tool to an active component of cyberattacks. The researchers state that this is the first time they have observed an exploit that AI likely helped develop. It involved a vulnerability in a popular open-source web tool for system administration."
"This vulnerability allowed two-factor authentication to be bypassed, provided attackers already possessed valid login credentials. According to Google, cybercriminals intended to use the vulnerability for a large-scale attack campaign. The company says it intervened together with the vendor before the exploit was actively abused. Google has not disclosed which group was behind the attack. However, the company says it has no evidence that Gemini was used."
"According to Google, attackers are increasingly using AI for vulnerability research and exploit development. Groups linked to China and North Korea, in particular, are reportedly actively experimenting with AI models to detect software flaws. According to Google, attackers have models pose as security researchers or firmware experts to perform analyses on embedded systems and protocols. They also use datasets containing historical vulnerabilities to help models better reason about security flaws."
"In addition, Google observes that attackers are deploying agentic tools to partially automate research and exploit validation. This shifts AI from a passive assistant to a system that independently executes parts of offensive workflows. The report also describes malware that uses AI for obfuscation and autonomous task execution. Some malware families generate extra code with no direct function to make detection more difficult. Other variants dynamically adapt scripts or payloads to evade security software."
Google reports it likely prevented a cyberattack where hackers used AI to help develop a zero-day vulnerability. The vulnerability affected a widely used open-source system administration web tool and enabled bypassing two-factor authentication when attackers already had valid login credentials. Google says the attackers planned a large-scale campaign and that it worked with the vendor to intervene before active exploitation. Google has not identified the responsible group and says there is no evidence Gemini was used. The report also describes growing use of AI for vulnerability research, exploit development, and agentic automation. It further notes malware using AI for obfuscation and adaptive execution to evade detection.
#cybersecurity #generative-ai #zero-day-vulnerabilities #two-factor-authentication-bypass #threat-intelligence
Read at Techzine Global
Unable to calculate read time
Collection
[
|
...
]