Security researchers at Alphabet Inc’s Google said they believe a cybercrime group used artificial intelligence to create a hacking tool that can bypass defences in a widely used tool to administer computer systems.The scheme, which was foiled when Google alerted the tool developer, would mark the first time that Google’s Threat Intelligence Group caught a hacker using an AI-generated “zero-day” in such a way, according to a report published Monday. Zero-day vulnerabilities are flaws unknown to the developer, leaving defenders no time to patch before they can be exploited. Google said it has “high confidence” that AI was used to help discover and weaponise the exploit.The company declined to name the cybercrime group, the impacted software or the large language model that was used in the attempted attack. However, a spokesperson said researchers don’t believe the exploit was created using Anthropic PBC’s Mythos or Google’s own model, Gemini.The company also wouldn’t say when the exploit was discovered other than it was “recent”. Anthropic said in April it wouldn’t widely release its new model, Mythos, as the way it used AI to exploit software flaws posed a national security risk. Since then, White House has moved to address potential malicious use of large language models, and officials have held emergency meetings with technology and industry leaders.Google researchers said their findings suggest such threats are already a reality.The hacking group used an AI model to find a previously unknown flaw in the tool. That flaw could be used to bypass multi-factor authentication, a security protection often added in addition to a password, to gain access to the internal networks of organisations using the software.Google alerted the tool’s developer, who fixed the issue before hackers could deploy it against users, the report said.Businesses use web-based system administration tools to configure and manage servers, websites and applications remotely. This includes managing security settings , employee accounts and permissions the accounts have to access systems and data. This is Bloomberg story.
