Google flags AI-built zero-day exploits

- Google’s threat team said on May 11 it saw the first zero-day exploit it believes was developed with AI, aimed at a planned mass attack.
- Microsoft said its new MDASH multi-model agentic scanner found 16 Windows flaws, including four critical remote-code-execution bugs in networking components.
- The shift matters because AI is moving from phishing help to exploit creation and faster defensive bug-hunting.

Cybersecurity just crossed an uncomfortable line. Google says it has now seen a real threat actor use what appears to be an AI-developed zero-day exploit, not just AI for phishing emails or malware tweaks. One planned mass-exploitation campaign was disrupted before the exploit got used, which is the good news. The bad news is simpler — the offensive side is climbing the ladder fast, and defenders are racing to automate right back.

### What actually changed?

The big change is that Google Threat Intelligence Group is no longer talking about AI as a helper around the edges of hacking. In its May 11 report, GTIG said it identified a criminal actor using a zero-day exploit that it believes was developed with AI. A zero-day means the target had no patch available when the attacker prepared to strike. Google says the actor planned to use it in a mass exploitation event, but Google’s own counter-discovery may have stopped that from happening. (cloud.google.com)

### Why is that a bigger deal than AI phishing?

Because phishing is basically persuasion at scale. A zero-day is raw technical leverage. It lets an attacker break into systems through a previously unknown flaw, often before defenders even know what to monitor. The jump from “AI writes better lures” to “AI helps build novel exploits” means the models are getting useful in the part of cyber offense that used to demand scarcer, higher-end talent. (cloud.google.com)

That does not mean AI is replacing elite hackers. But it does mean it can compress the time and skill needed to get dangerous results.

### Did Google say who is doing this?

Only partly. The zero-day case in the May report is described as criminal activity, but Google also said actors linked to China and North Korea have shown strong interest in using AI for vulnerability discovery. That matters because state-linked groups have more patience, more targets, and often better operational discipline than ordinary cybercrime crews.

So even one blocked criminal campaign is not the whole story — it looks more like an early warning. (cloud.google.com)

### Where does Microsoft fit in?

Microsoft is pitching the defensive answer. On May 12, it introduced a multi-model agentic scanning system called MDASH. Microsoft says the system helped researchers find 16 new vulnerabilities in the Windows networking and authentication stack, including four critical remote-code-execution flaws. The examples it highlighted hit serious plumbing — the TCP/IP stack and IKEv2 service — which is exactly the sort of territory where a missed bug can turn into broad compromise. (cloud.google.com)

### What does “agentic” mean here?

Basically, the system is not just chatting about code. It is orchestrating a workflow — generating ideas, testing paths, refining hypotheses, and handing promising leads back into the loop. Think less “AI assistant” and more “automated junior research team that never gets tired.”

The catch is that attackers can use the same general pattern. Once models get good enough at iterative technical work, both sides gain speed. (microsoft.com)

### Why does this hit healthcare especially hard?

Healthcare runs on old software, sprawling vendor connections, and extremely valuable data. It also has a brutal uptime problem — hospitals cannot just shut systems down for patching whenever they want. If AI lowers the cost of finding exploitable flaws, sectors with legacy infrastructure and sensitive records become even more attractive. And if AI also speeds up defense, hospitals still have to buy, deploy, and govern those tools fast enough for the benefit to matter. (microsoft.com)

That rollout gap is where risk lives.

### So are defenders winning or losing?

Neither, yet. What changed this week is that both camps showed a more mature use of AI. Google’s report suggests offensive capability is moving upstream into exploit development. Microsoft’s announcement suggests defenders can also use multi-model systems to surface serious bugs faster. The race is no longer theoretical.

### Bottom line

The headline is not “AI broke cybersecurity.” It is narrower, but more important: AI is starting to matter in the highest-value part of the game — finding and weaponizing software flaws, then finding them first on defense. The side that operationalizes that loop faster will set the pace.
