Cybercriminals have leveraged artificial intelligence to identify and exploit a zero-day vulnerability for the first time, marking a significant development in the cyber threat landscape. A recent report highlights how prominent cybercrime groups collaborated to execute a large-scale vulnerability exploitation operation. Using AI, these actors identified a zero-day flaw and used it to bypass two-factor authentication on a widely used open-source system administration tool. The vulnerability was addressed in collaboration with the tool’s vendor, preventing its exploitation. This incident is the first confirmed case of AI being used to discover and weaponize a zero-day vulnerability.

Although neither Google’s Gemini AI nor Anthropic Mythos was used, the code bore signs of AI generation, such as structured docstrings and a fabricated CVSS score. Despite the disruption of this campaign, the event signals the rapid evolution of AI-driven threats. Experts warn that although many believe AI vulnerabilities are a future concern, they are already present.

AI is increasingly used by hackers, including nation-state actors from China and North Korea, for vulnerability discovery and malware development. Cybercriminals are exploiting AI to enhance the efficiency and sophistication of their operations, conducting research and troubleshooting with the help of large language models. The use of AI allows them to allocate more resources to complex operations, improving the speed and scale of their attacks. While state actors are significant players in this domain, the threat from criminal groups remains substantial.

