AI-powered hacking becomes industrial-scale threat, Google warns

Google’s threat intelligence arm says AI-powered hacking has moved rapidly from an experimental problem to an industrial-scale threat in roughly three months, and the company disrupted a planned zero-day exploitation before it could be weaponized at scale.

According to Google, the threatened campaign targeted a widely used system-administration tool and attempted to bypass two-factor authentication using a previously unknown vulnerability; Google notified the affected vendor and law enforcement and was able to intervene before a mass exploitation event occurred. Investigators found evidence that attackers used a large language model (LLM) to discover and refine the exploit, though Google did not identify the specific model.

The implications for technology providers, cloud operators and financial firms are immediate: generative AI’s efficiency at coding and vulnerability discovery raises the speed and scale of potential intrusions, increasing the burden on patching processes and incident response. Firms will likely accelerate risk assessments, tighten access controls and expand threat-sharing with peers and government agencies.

In the broader context, Google’s report aligns with prior GTIG findings showing criminal groups and state-linked actors are experimenting with and adopting commercial AI models to automate reconnaissance, craft malware and orchestrate attacks. The trend includes attempts at model extraction and weaponizing AI to create more persistent and scalable attack workflows.

Security analysts say defenders will also deploy AI to improve detection and remediation, but warn of a transitional period in which risk rises while systems are hardened. In the near term, expect increased investment in secure development lifecycles, accelerated patch deployment, and stronger public-private coordination; in the medium term, debates over model vetting, access controls and regulatory oversight are likely to intensify.