Google Reports First-Ever AI-Built Zero-Day Attack Disrupted in the Wild

Google's Threat Intelligence Group has disrupted what it describes as the first known zero-day attack built with AI. According to Bloomberg, security researchers at Alphabet believe a cybercrime group used artificial intelligence to create a hacking tool capable of bypassing defenses in a widely-used system administration tool. The Verge reported that Google spotted and stopped the exploit before it could be deployed, marking a significant milestone in AI-driven cybersecurity threats.

The attack represents the crossing of a threshold that security experts have anticipated for years. Fortune characterized the event as the realization of a dire warning, with one source quoted as saying "the world might actually be more dangerous." The incident moves AI-assisted hacking from theoretical concern to documented reality.

Google's disclosure comes amid broader findings about AI misuse by threat actors. The company has separately documented state-sponsored hackers from Iran, North Korea, China, and Russia using AI models including Google's own Gemini for reconnaissance, malware development, and phishing campaigns. The convergence of criminal and state-level AI adoption suggests a rapid acceleration of the threat landscape that defenders must now confront.

Google's own AI systems played a central role in detecting the threat. The company's Big Sleep AI framework, an LLM-based vulnerability research tool, discovered a critical security flaw designated CVE-2025-6965 that hackers had kept secret and were preparing to exploit. Therecord reported that Google said the vulnerability was "only known to threat actors and was at risk of being exploited."

Big Sleep evolved from earlier Google research into AI-assisted vulnerability detection. The Hacker News noted that the framework had previously uncovered a zero-day vulnerability in the SQLite database engine, demonstrating the tool's capability to find flaws in widely deployed software. This latest detection represents a shift from finding unpatched vulnerabilities in open source projects to identifying actively weaponized zero-days in the wild.

The discovery creates an ironic symmetry: AI detecting AI-built attacks. Google's defensive AI spotted the vulnerability before the offensive AI could fully deploy it, suggesting a possible arms race dynamic where detection and attack capabilities evolve in parallel. Whether this parity can be maintained as attack tools improve remains an open question.

This single incident fits into a larger pattern that Google and other security researchers have been tracking. Cyberscoop reported that state-sponsored hackers are now using AI at "all stages" of the attack cycle, from initial reconnaissance through malware refinement. The research found evidence of advanced persistent threat groups leveraging AI tools to automate tasks that previously required significant human expertise.

SiliconANGLE detailed how state-based hackers use AI for research and content generation, lowering barriers to entry for sophisticated operations. The Artificial Intelligence News report from February 2026 documented Iranian, North Korean, Chinese, and Russian actors specifically using models like Gemini to craft phishing campaigns and develop malware.

TechRadar noted that Google tracked 90 zero-day exploits in 2025, with enterprise systems increasingly targeted over browsers. The publication warned that AI is expected to accelerate both attack and defense cycles, compressing the window between vulnerability discovery and exploitation. Google's own predictions from late 2023, reported by CSHub, anticipated generative AI would enhance social engineering and lead to more zero-day vulnerabilities employed by nation-state and criminal groups.

Organizations face a transformed threat environment where AI lowers the skill threshold for sophisticated attacks while simultaneously offering defensive capabilities. The Forbes coverage of Google's Chrome zero-day alerts affecting 3.5 billion users illustrates how widely deployed software remains vulnerable, and how AI-assisted attackers can target massive user bases with refined exploits.

Enterprises must now assume that threat actors have access to AI tools comparable to their own. The asymmetry that previously favored defenders with greater resources and expertise is narrowing. Google's Big Sleep detection offers a model for how AI-assisted defense might keep pace, but deployment of such tools at scale remains limited to organizations with Google's technical resources.

The incident also raises questions about supply chain security. The targeted system administration tool was widely used, meaning a successful exploit would have cascaded through numerous organizations. As AI makes vulnerability discovery faster, the pressure on vendors to patch promptly intensifies. The traditional model of responsible disclosure may struggle to keep pace with AI-accelerated exploitation timelines.

Despite Google's confident public statements, important questions about the AI-built zero-day remain unresolved. The company has not publicly released technical details that would allow independent verification of the AI's role in constructing the exploit. Security researchers will need to assess whether the AI contribution was decisive or ancillary to human attacker capabilities.

The distinction matters for threat assessment. An AI that merely assisted a skilled human attacker suggests different defensive priorities than an AI capable of autonomous vulnerability discovery and weaponization. Google's framing emphasizes the AI dimension, which serves the company's narrative about both the severity of emerging threats and the necessity of its own AI-powered defensive tools.

Bloomberg's careful language, "researchers say they believe," indicates some residual uncertainty in the attribution. The Verge and Fortune adopted more definitive framing. This gap between measured technical assessment and headline-ready certainty is worth noting as the story develops.

The Google disclosure likely marks the beginning of a new phase rather than an isolated incident. Security vendors will accelerate AI-assisted detection tool development. Microsoft's security division, SentinelOne, CrowdStrike, and other major players have comparable research programs that will now face pressure to demonstrate equivalent capabilities.

Regulatory attention to AI cybersecurity will intensify. The European Union's AI Act and emerging US frameworks will need to address weaponization risks without constraining defensive applications. The dual-use nature of AI vulnerability research, identical tools serving both attack and defense, complicates straightforward policy responses.

Google's strategic positioning deserves attention. By publicizing both the AI-built attack and its AI-powered detection, the company advances its case for AI investment while deflecting criticism about Gemini's misuse by hostile actors. Whether this balance can be maintained as AI attack tools proliferate remains to be seen. The race between AI-powered offense and defense has begun in earnest.