"Google’s Threat Intelligence Group (GTIG) said it discovered, for the first time ever, a threat actor using a zero-day exploit that it believes was developed by AI. Zero-day vulnerabilities are often the most dangerous since they're unknown to the targets, leaving them with zero days to prepare for the attack."
"Google said in the report the threat actor was planning to use it in a "mass exploitation event," but its proactive discovery "may have prevented its use." Google added that it doesn't believe its own Gemini models were used, but still has "high confidence" an AI model was part of discovering the vulnerability and weaponizing an exploit."
"The GTIG report didn't identify the target but said Google notified the unnamed company, who then patched the issue. Google didn't reveal the bad actors either, but hinted at those associated with China and North Korea having shown "significant interest" in using AI for exploiting security vulnerabilities."
"Google said in its report that threat actors have been using AI in different stages of a cyberattack, but that "AI can also be a powerful tool for defenders." Like Google, other companies are using AI models to power preventative measures. Last month, Anthropic announced Project Glasswing, an initiative tasked with using Claude Mythos Preview to find and defend against "high-severity vulnerabilities.""
Google’s Threat Intelligence Group identified a threat actor using a zero-day exploit believed to have been developed with AI. Zero-day vulnerabilities are especially dangerous because they are unknown to targets, leaving no time to prepare. The actor planned a mass exploitation event, but proactive discovery may have prevented use. Google notified an unnamed company, which patched the issue, and Google did not believe its Gemini models were involved while maintaining high confidence that an AI model contributed to discovering and weaponizing the exploit. The report did not name targets or attackers, but suggested actors linked to China and North Korea have shown significant interest in AI-driven exploitation. AI is also being used for defense, including Anthropic’s Project Glasswing to find and defend against high-severity vulnerabilities.
Read at Engadget
Unable to calculate read time
Collection
[
|
...
]