惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
Security Latest
Security Latest
P
Privacy International News Feed
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
AI
AI
Cisco Talos Blog
Cisco Talos Blog
K
Kaspersky official blog
S
Secure Thoughts
PCI Perspectives
PCI Perspectives
Simon Willison's Weblog
Simon Willison's Weblog
D
DataBreaches.Net
GbyAI
GbyAI
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
大猫的无限游戏
大猫的无限游戏
T
Tailwind CSS Blog
The Cloudflare Blog
阮一峰的网络日志
阮一峰的网络日志
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
罗磊的独立博客
V
Visual Studio Blog
aimingoo的专栏
aimingoo的专栏
H
Hackread – Cybersecurity News, Data Breaches, AI and More
IT之家
IT之家
V
V2EX
Last Week in AI
Last Week in AI
有赞技术团队
有赞技术团队
月光博客
月光博客
酷 壳 – CoolShell
酷 壳 – CoolShell
T
Tenable Blog
T
Threat Research - Cisco Blogs
T
Troy Hunt's Blog
V2EX - 技术
V2EX - 技术
S
Security @ Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
Project Zero
Project Zero
The GitHub Blog
The GitHub Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
L
Lohrmann on Cybersecurity
F
Full Disclosure
H
Help Net Security
博客园 - Franky
Stack Overflow Blog
Stack Overflow Blog
N
Netflix TechBlog - Medium
Engineering at Meta
Engineering at Meta
A
Arctic Wolf
O
OpenAI News
S
Securelist

Futurism

Meta’s AI Support Bot Is Giving Hackers Access to Other People’s Instagram Accounts Just by Asking Websites Are Spying on Your Solid State Drive The MyPillow Guy’s Entire Business is Being Held Hostage by Hackers Riot Games Denies Using Anti-Cheat Software That Bricks Hackers’ Computers The Trump Phone Appears to Have Already Leaked Its Customers’ Personal Information Through a Glaring Exploit College Kid Shuts Down High Speed Trains With a Laptop and a Radio Vibe Coded Apps Are Spilling Users’ Personal Information Directly Into the Maw of Greedy Hackers Scammers Furious That Their Fellow Criminals Are Using AI, Saying It’s Unethical How to Get Rid of Reddit’s Giant App-Shilling Popup That Breaks Its Entire Mobile Site Ransomware Negotiator Pleads Guilty to Deploying Ransomware Himself Your Former Employer Is Selling Your Slacks and Emails to Train AI Madison Square Garden Reportedly Used Facial Recognition to Stalk Trans Woman For Two Years Top Security Experts Alarmed by Power of Anthropic’s New Hacker AI Companies Just Learned a Brutal Lesson About Training AI to Do Human Jobs Huge Group of Experts Warns Meta That Its Pervert Glasses Will Enable Terrible Crimes The Fact That Anthropic Has Been Boasting About How Much Its Development Now Relies on Claude Makes It Very Interesting That It Just Suffered a Catastrophic Leak of Its Source Code
Google Alarmed by Formidable AI-Powered Zero-Day Cyberattack
Frank Landym · 2026-05-12 · via Futurism

Google logo sign mounted on a teal-colored building facade with a bright yellow background. The letters are in the classic Google colors: blue, red, yellow, blue, and red.

Illustration by Tag Hartman-Simkins / Futurism. Source: Getty Images

Sign up to see the future, today

Can’t-miss innovations from the bleeding edge of science and tech

Google was rattled by a cyberattack that used AI to unearth a major flaw in its software that its own developers had no idea about.

The attack, which the New York Times reports was ultimately thwarted, was revealed by researchers at the tech giant on Monday. Their report didn’t specify who the actors behind it might be or when it occurred, but it was clear about what cutting-edge technology was at the heart of it.

“We have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability,” reads the report.

Google said the hackers used AI to identify what’s known as a zero-day vulnerability, a flaw in a piece of software that wasn’t previously known to its developers. When exploited, they leave the developers on the back foot, as the hackers are free to wreak havoc until the white hats figure out how to plug the hole. 

In this case, the zero-day bug would’ve allowed the hackers to bypass two-factor authentication on an unspecified “popular open-source, web-based system administration tool,” but only if the attackers knew a person’s user name and password. Given that two-factor authentication is the last meaningful line of defense for most users, and that their passwords are likely weak if they weren’t already leaked online in the first place, the ability to sidestep it could’ve been catastrophic even if the hackers weren’t armed with that information.

“The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use,” the report stated.

The researchers said this was the first example of a zero-day vulnerability being exploited by hackers that was developed with AI.

“It’s a taste of what’s to come,” John Hultquist, the chief analyst at Google Threat Intelligence Group, which published the report, told the NYT. “We believe this is the tip of the iceberg. This problem is probably much bigger; this is just the first tangible evidence that we can see.”

The attack will add to the atmosphere of unease around AI’s implications for cybersecurity, particularly with the release of Anthropic’s Claude Mythos model last month. Anthropic claimed that the AI system could find zero-day vulnerabilities “in every major operating system and every major web browser when directed by a user to do so,” a capability so potentially devastating that the company made a show of only sharing the model with a select group of companies and government agencies. Its rollout has drawn alarm from government leaders and security experts alike.

AI’s cybersecurity threat derives from its much-touted and ever-improving ability to write and parse code, which is being rapidly embraced by businesses across the tech and financial sectors. Like AI prose, AI code bears its own hallmarks, albeit more subtle. The Google researchers found that hacker’s malware contained an abundance of annotations that explain its code called docstrings, some hallucinated text, and “a structured, textbook Pythonic format highly characteristic of LLMs training data.”

More on AI: Vibe Coded Apps Are Spilling Users’ Personal Information Directly Into the Maw of Greedy Hackers