Security researchers at Alphabet Inc.'s Google have reported that a cybercrime group likely used artificial intelligence to develop a hacking tool capable of bypassing defenses in a widely used system administration tool. The scheme was foiled after Google alerted the tool's developer, who patched the vulnerability before hackers could deploy it against users, according to a report published Monday.
First AI-Generated Zero-Day Caught by Google
This incident marks the first time Google's Threat Intelligence Group has identified a hacker using an AI-generated zero-day exploit in such a manner. Zero-day vulnerabilities are flaws unknown to the software developer, leaving no time for defenders to patch them before potential exploitation. Google expressed high confidence that AI was used to discover the vulnerability and weaponize it.
Details of the Attack
The hacking group employed an AI model to find a previously unknown flaw in a widely used tool for administering computer systems. This flaw could have allowed attackers to bypass multifactor authentication, a common security measure used in addition to passwords, and thereby gain access to the internal networks of organizations using the software. Google alerted the developer, who fixed the issue before any users were compromised.
Google declined to name the cybercrime group, the affected software, or the specific large language model used in the attempted attack. However, a spokesperson stated that researchers do not believe the exploit was created using Anthropic PBC's Mythos or Google's own Gemini model. The company also would not disclose when the exploit was discovered, only noting it was recent.
Broader Implications
Anthropic had previously announced in April that it would not widely release its new model, Mythos, due to concerns that its ability to identify and exploit software flaws posed a national security risk. Since then, the White House has taken steps to address the potential malicious use of large language models, and government officials have held emergency meetings with technology and industry leaders.
Google researchers emphasized that their findings suggest such threats are already a reality. Businesses commonly use web-based system administration tools to configure and manage servers, websites, and applications remotely. These tools manage security settings, employee accounts, and permissions, making them critical targets for cyberattacks.
The report underscores the growing need for vigilance as AI capabilities advance, potentially enabling more sophisticated cyber threats in the future.



