Google Spots First AI-Built Exploit Being Used in Real Attacks

Google's threat intelligence team has found what appears to be the first zero-day exploit—a security flaw unknown to the software maker—that was created using artificial intelligence and actually used by attackers in the real world. Google discovered it early enough to stop the attack before it did widespread harm.

This finding matters because it's the first confirmed case of an AI system being used to develop a new, weaponized security flaw. At the same time, Google itself is deploying AI systems to find and patch vulnerabilities faster than human teams ever could. The story is less about one side winning and more about how both attackers and defenders are now using AI to raise their game.

More Holes, More Pressure

Google's researchers tracked 97 zero-day exploits that were actually used to attack systems in 2023. Three-quarters of those targeted Google products or Android devices. Most of them came from commercial surveillance vendors—companies that find security flaws and sell them to governments and law enforcement.

This analysis came from a new partnership between two of Google's threat teams, Threat Analysis Group and Mandiant, which combined their data to get a clearer picture of who is attacking what and why. The scale of the problem hasn't changed overnight, but the pace has only quickened.

Historically, we have seen this pattern before. When exploit kits first appeared in the early 2000s, they automated vulnerability research work that had previously required specialized knowledge. That made advanced attacks possible for less-skilled threat actors. AI-developed exploits represent the same kind of evolution—a tool that takes what used to be manual work and automates it.

AI on Defense

Google has built two AI systems to fight back. One called Big Sleep automatically scans software code to find exploitable weaknesses, using machine learning trained on known vulnerabilities. The other, CodeMender, generates and tests patches for those flaws, cutting fix time from weeks down to hours.

These systems don't replace human security experts. Instead, they let a small team of experts handle far more vulnerabilities than they could manage by hand. It's the same principle that has allowed farms and factories to scale with automation—the machines handle volume, humans handle judgment.

Google is also using a system called Binary Transparency on Android, which creates a cryptographic record (think of it as a tamper-proof ledger) of which apps Google has officially released. That makes it harder for attackers to sneak malicious software into the supply chain undetected.

The Industry Is Watching Closely

OpenAI warned separately that its newest AI models carry a "high" cybersecurity risk. The concern is that advanced language models might be able to research vulnerabilities, write exploits, and find ways to move laterally through a company's network—all the complex steps of a sophisticated cyberattack—faster and with less human expertise required. Right now, that level of attack takes months or years and specialized teams. If AI can compress that timeline, barriers to entry drop, and more attackers can execute advanced operations.

The flip side is that the same AI capabilities that enable offense also power defense. We are not in a situation where one side has a clear advantage. Both are being augmented at roughly the same pace, which creates a new kind of balance rather than a decisive shift in power.

Who Profits From Vulnerabilities

The heavy concentration of zero-day exploits among commercial surveillance vendors tells us something about the security market. These vendors find new flaws and sell them to governments and law enforcement so they can access suspects' phones and computers. That creates a financial incentive to discover vulnerabilities, but it also means those holes stay unfixed in the software the rest of us use.

As AI makes it easier to find and weaponize flaws, this economic dynamic will likely accelerate unless matched by equally strong defensive measures.

What This Means Going Forward

The discovery of an AI-built exploit in the wild is a milestone, but not a turning point where one side suddenly dominates. Both attackers and defenders have access to the same AI tools. The edge goes to whoever deploys them smarter and with better resources.

For most organizations, the practical advice has not changed: use multiple layers of security rather than relying on a single defense, keep a process for finding and fixing vulnerabilities automatically, and monitor your systems constantly. Companies that use AI well for defense while keeping their incident response teams sharp will handle these threats better than those that don't.

The longer view suggests that cybersecurity is becoming a contest between AI systems, with human experts handling the decisions and edge cases that machines cannot. We have seen this happen in other fields—AI handles the routine work at scale, humans stay in the loop for strategy and judgment. That is likely to be the pattern in security too.

Google's early discovery of this AI-developed exploit is a good sign that defensive AI can keep pace with attack innovations when it is well-funded and deployed thoughtfully. The real question for the security community is whether those same advantages can spread beyond Google to the broader software ecosystem as AI-powered attacks become more common.