惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

博客园_首页
N
News and Events Feed by Topic
P
Privacy International News Feed
The Hacker News
The Hacker News
Schneier on Security
Schneier on Security
C
Cybersecurity and Infrastructure Security Agency CISA
Security Latest
Security Latest
L
LINUX DO - 最新话题
阮一峰的网络日志
阮一峰的网络日志
Cisco Talos Blog
Cisco Talos Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Simon Willison's Weblog
Simon Willison's Weblog
The Cloudflare Blog
博客园 - 【当耐特】
博客园 - Franky
P
Privacy & Cybersecurity Law Blog
Attack and Defense Labs
Attack and Defense Labs
云风的 BLOG
云风的 BLOG
月光博客
月光博客
D
Docker
Webroot Blog
Webroot Blog
The GitHub Blog
The GitHub Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
W
WeLiveSecurity
S
Security Affairs
Martin Fowler
Martin Fowler
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Security Archives - TechRepublic
Security Archives - TechRepublic
Microsoft Azure Blog
Microsoft Azure Blog
C
CERT Recently Published Vulnerability Notes
B
Blog
L
Lohrmann on Cybersecurity
T
Threatpost
量子位
S
Schneier on Security
V
Visual Studio Blog
S
Securelist
T
The Exploit Database - CXSecurity.com
Scott Helme
Scott Helme
V
Vulnerabilities – Threatpost
aimingoo的专栏
aimingoo的专栏
The Register - Security
The Register - Security
I
Intezer
Stack Overflow Blog
Stack Overflow Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
博客园 - 聂微东
小众软件
小众软件
罗磊的独立博客
雷峰网
雷峰网
Recorded Future
Recorded Future

Futurism

Meta’s AI Support Bot Is Giving Hackers Access to Other People’s Instagram Accounts Just by Asking Websites Are Spying on Your Solid State Drive The MyPillow Guy’s Entire Business is Being Held Hostage by Hackers Riot Games Denies Using Anti-Cheat Software That Bricks Hackers’ Computers The Trump Phone Appears to Have Already Leaked Its Customers’ Personal Information Through a Glaring Exploit College Kid Shuts Down High Speed Trains With a Laptop and a Radio Vibe Coded Apps Are Spilling Users’ Personal Information Directly Into the Maw of Greedy Hackers Scammers Furious That Their Fellow Criminals Are Using AI, Saying It’s Unethical How to Get Rid of Reddit’s Giant App-Shilling Popup That Breaks Its Entire Mobile Site Ransomware Negotiator Pleads Guilty to Deploying Ransomware Himself Your Former Employer Is Selling Your Slacks and Emails to Train AI Madison Square Garden Reportedly Used Facial Recognition to Stalk Trans Woman For Two Years Top Security Experts Alarmed by Power of Anthropic’s New Hacker AI Companies Just Learned a Brutal Lesson About Training AI to Do Human Jobs Huge Group of Experts Warns Meta That Its Pervert Glasses Will Enable Terrible Crimes The Fact That Anthropic Has Been Boasting About How Much Its Development Now Relies on Claude Makes It Very Interesting That It Just Suffered a Catastrophic Leak of Its Source Code
Google Alarmed by Formidable AI-Powered Zero-Day Cyberattack
Frank Landym · 2026-05-12 · via Futurism

Google logo sign mounted on a teal-colored building facade with a bright yellow background. The letters are in the classic Google colors: blue, red, yellow, blue, and red.

Illustration by Tag Hartman-Simkins / Futurism. Source: Getty Images

Sign up to see the future, today

Can’t-miss innovations from the bleeding edge of science and tech

Google was rattled by a cyberattack that used AI to unearth a major flaw in its software that its own developers had no idea about.

The attack, which the New York Times reports was ultimately thwarted, was revealed by researchers at the tech giant on Monday. Their report didn’t specify who the actors behind it might be or when it occurred, but it was clear about what cutting-edge technology was at the heart of it.

“We have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability,” reads the report.

Google said the hackers used AI to identify what’s known as a zero-day vulnerability, a flaw in a piece of software that wasn’t previously known to its developers. When exploited, they leave the developers on the back foot, as the hackers are free to wreak havoc until the white hats figure out how to plug the hole. 

In this case, the zero-day bug would’ve allowed the hackers to bypass two-factor authentication on an unspecified “popular open-source, web-based system administration tool,” but only if the attackers knew a person’s user name and password. Given that two-factor authentication is the last meaningful line of defense for most users, and that their passwords are likely weak if they weren’t already leaked online in the first place, the ability to sidestep it could’ve been catastrophic even if the hackers weren’t armed with that information.

“The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use,” the report stated.

The researchers said this was the first example of a zero-day vulnerability being exploited by hackers that was developed with AI.

“It’s a taste of what’s to come,” John Hultquist, the chief analyst at Google Threat Intelligence Group, which published the report, told the NYT. “We believe this is the tip of the iceberg. This problem is probably much bigger; this is just the first tangible evidence that we can see.”

The attack will add to the atmosphere of unease around AI’s implications for cybersecurity, particularly with the release of Anthropic’s Claude Mythos model last month. Anthropic claimed that the AI system could find zero-day vulnerabilities “in every major operating system and every major web browser when directed by a user to do so,” a capability so potentially devastating that the company made a show of only sharing the model with a select group of companies and government agencies. Its rollout has drawn alarm from government leaders and security experts alike.

AI’s cybersecurity threat derives from its much-touted and ever-improving ability to write and parse code, which is being rapidly embraced by businesses across the tech and financial sectors. Like AI prose, AI code bears its own hallmarks, albeit more subtle. The Google researchers found that hacker’s malware contained an abundance of annotations that explain its code called docstrings, some hallucinated text, and “a structured, textbook Pythonic format highly characteristic of LLMs training data.”

More on AI: Vibe Coded Apps Are Spilling Users’ Personal Information Directly Into the Maw of Greedy Hackers