Criminal hackers have reached a new milestone by using AI to uncover and exploit a zero-day vulnerability in a widely used open-source web administration tool. This marks the first confirmed instance where AI has been employed to identify and weaponize such a flaw, posing a significant threat to business backend systems. Google’s Threat Intelligence Group identified machine-generated code within the malicious Python script, characterized by excessive comments and verbose structure, suggesting AI involvement. While the exploit bypassed two-factor authentication, valid credentials were still necessary for access. This development highlights the growing use of AI by state actors and criminal organizations throughout the cyberattack lifecycle. The International Monetary Fund has raised concerns about the potential for AI to lower barriers to cyberattacks, risking global financial instability. Security experts warn this is just the beginning of AI-assisted cyber warfare, with the potential for exponential growth in such threats. Google managed to prevent widespread exploitation by detecting the vulnerability early and working with the affected vendor to issue patches. However, the ongoing cybersecurity battle is intensifying as both attackers and defenders leverage AI technology.
Are Criminal Hackers Using AI to Exploit Zero-Day Vulnerabilities?
