The Google Threat Intelligence Group has unveiled a report titled “AI Threat Tracker,” highlighting the extensive use of artificial intelligence by cybercriminals. This report reveals the emergence of AI-developed zero-day vulnerabilities, with attackers utilizing AI models to bypass two-factor authentication. Although initial attempts faced technical setbacks, the discovery indicates numerous undisclosed AI-driven attack operations.
State-sponsored entities from China and North Korea are at the forefront, employing AI to discover security weaknesses and enhance their cyber arsenals. North Korean group APT45 and Chinese actors like UNC2814 are using AI to validate and exploit vulnerabilities, particularly in hardware such as routers.
Moreover, threat actors are integrating AI tools into their operations, enabling them to scale attacks significantly. Examples include the PROMPTSPY Android backdoor, which autonomously navigates user interfaces and blocks uninstallation attempts, and Russian operations using AI for malware refinement and disinformation campaigns.
The report emphasizes the urgent need for advanced security measures against AI-driven threats. Google’s innovations, such as the “Big Sleep” AI agent and “CodeMender,” aim to detect and rectify vulnerabilities before exploitation. As AI continues to transform cyber threats, organizations must adopt AI-native security strategies to protect against sophisticated attacks.

