AI-Assisted Hacking Is No Longer a Future Threat — Google Warns It’s Already Happening

AI-assisted hacking has officially moved from theoretical concern to real-world reality, according to a new warning from Google. The tech giant has revealed what may be the first known case in which cybercriminals used artificial intelligence to discover and weaponize a previously unknown zero-day vulnerability. The development marks a major turning point in the global cybersecurity landscape and signals that the era of AI-powered cyberattacks has officially begun.

Google Sounds the Alarm

For years, cybersecurity experts have warned that AI could one day accelerate hacking activities to dangerous new levels. According to Google’s latest threat intelligence report released on Monday, that day has arrived. The company says it has uncovered solid evidence of cybercriminals working together to use AI for offensive operations.

Google’s threat intelligence group revealed that several prominent cybercriminal groups joined forces to identify a vulnerability in a Python script tied to a popular open-source system. The flaw, if exploited, could have allowed attackers to bypass two-factor authentication — a security feature relied upon by millions of users worldwide.

While Google did not name the specific cybercriminal groups involved, the report makes clear that the threat is real, organized, and rapidly evolving.

A New Era of Cybercrime

The most alarming part of the discovery is how the attackers used AI to weaponize the vulnerability. The hackers deployed AI-assisted code to develop an exploit for the bug, indicating a level of sophistication previously seen mostly in advanced nation-state operations.

Fortunately, the attempted exploit was unsuccessful. Google detected and stopped the attack before it could cause damage. The company has since disclosed the vulnerability to the affected vendor so it can be patched.

Even so, the incident represents a serious wake-up call for the cybersecurity industry. It confirms that AI is no longer just a tool for defense — it’s now a powerful weapon in the hands of attackers.

How Google Identified AI-Generated Code

One of the most fascinating aspects of the report is how Google determined that AI was involved in creating the malicious code. According to the company, several telltale signs pointed to AI-generated authorship, including:

• Overly explanatory comments inside the code
• A fabricated severity rating for the discovered bug
• Coding patterns commonly produced by AI-generated Python scripts
• Logical phrasing typical of large language models
• A polished structure that lacked traditional hacker shortcuts

These clues allowed Google’s analysts to differentiate between code written by humans and code created with the help of artificial intelligence — a critical new skill for modern cybersecurity teams.

A Hidden Weakness AI Was Able to Spot

The vulnerability targeted by the hackers exposed a subtle flaw in the software’s login logic — specifically, a hidden trust assumption that allowed attackers to bypass two-factor authentication protections. Traditional cybersecurity tools often miss such delicate weaknesses, but advanced AI models appear to be increasingly capable of spotting them.

This raises serious concerns about the future of digital security. As AI continues to evolve, it could empower attackers to uncover risks that even seasoned cybersecurity engineers struggle to detect.

A Direct Warning From Google

John Hultquist, chief analyst at Google’s threat intelligence group, did not mince words when assessing the situation. He warned against the common belief that AI-powered cyberattacks are still a distant threat. According to him, the race has already begun — and the world is just starting to see the first visible examples.

He also pointed out that for every zero-day vulnerability traced back to AI today, many more are likely to remain hidden. This suggests that AI-driven cybercrime may already be far more widespread than experts currently realize.

Nation-State Hackers Are Embracing AI

While criminal groups represent one part of the threat, nation-state actors are also rapidly adopting AI for offensive purposes. Google’s report highlights ongoing AI experiments by hackers tied to North Korea and China, both of which are known for their aggressive cyber operations.

Some of the most concerning examples include:

• APT45, a North Korean military hacking group, using AI to test and validate thousands of exploits targeting software vulnerabilities
• Chinese state-linked groups experimenting with AI to enhance reconnaissance, phishing, and malware development
• AI being used to identify weaknesses in widely deployed enterprise software
• AI-driven automation accelerating attack timelines from weeks to hours

This new wave of AI-enabled state actors poses a serious challenge to global cybersecurity, especially when combined with traditional espionage tactics.

PromptSpy: A New Type of AI-Powered Malware

One of the most disturbing discoveries highlighted in Google’s report involves a new piece of malware called PromptSpy. According to Google, PromptSpy uses Gemini, an advanced AI model, to autonomously control Android devices.

The malware works by interpreting on-screen activity in real time and generating dynamic commands to navigate apps, steal information, and manipulate device functions. Unlike traditional malware that follows pre-written scripts, PromptSpy adapts in real time, making it far more difficult to detect or stop.

This represents a major leap in the sophistication of mobile-based cyber threats. It also signals a future where malware can think, plan, and react like a human operator — but at machine speed.

Why This Moment Is a Turning Point

The discoveries outlined in Google’s report mark a fundamental shift in how cybersecurity professionals must approach digital defense. AI is no longer a tool reserved for cybersecurity teams alone — it is now firmly in the hands of attackers, and the playing field is rapidly leveling.

Key reasons why this moment matters include:

• AI is making vulnerabilities easier to discover
• Cybercriminals can now produce sophisticated exploits faster than ever
• Nation-state hackers are scaling operations using AI automation
• Traditional cybersecurity tools may struggle to detect AI-generated threats
• AI-powered malware can adapt and evolve in real time

The combination of these factors creates a perfect storm in which the speed, scale, and sophistication of cyberattacks could grow dramatically in the coming years.

What Comes Next?

As AI continues to develop, the cybersecurity industry will be forced to adapt at an equally rapid pace. Some expected shifts include:

• Greater investment in AI-powered defensive tools
• New regulations governing the use of AI in software development
• Increased collaboration between governments and tech companies
• Improved AI detection systems to identify machine-generated code
• Faster patching and disclosure timelines for software vulnerabilities

Google’s report is a clear signal that the cybersecurity community must move quickly to prepare for the next generation of digital threats. The future of cybersecurity will not just be a battle between defenders and hackers — it will be a contest between competing AI systems.

A New Reality for the Digital World

Google’s warnings underscore an uncomfortable truth: AI-assisted hacking is no longer something that “might” happen — it is already happening. From state-sponsored intelligence agencies to organized cybercriminal networks, attackers are increasingly relying on AI to push the limits of what’s possible in offensive cyber operations.

For governments, businesses, and everyday users, the message is clear. The world has entered a new era of cyber risk, and staying safe will require constant vigilance, advanced defensive technology, and a deeper understanding of how AI is reshaping the digital battlefield.

The AI-assisted hacking era has arrived — and it’s evolving faster than anyone anticipated.