Artificial intelligence is reshaping cybersecurity in ways that extend far beyond productivity tools. According to a new report from Google's Threat Intelligence Group, hackers have for the first time used AI to identify and exploit a zero-day vulnerability — a security flaw unknown to the software's developer and lacking any available patch. The target was a widely used web-based system administration tool, and the flaw enabled attackers to bypass two-factor authentication, the second layer of security many users rely on.
Google stated that it detected the attack before it could be deployed at scale and quietly alerted the software vendor. "The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use," the report noted. The company also observed that threat actors linked to the People's Republic of China and the Democratic People's Republic of Korea have shown "significant interest in capitalizing on AI for vulnerability discovery."
A Logic Flaw That Scanners Could Not Catch
This zero-day vulnerability differs from conventional security flaws. Traditional scanners look for crashes and memory errors, the digital equivalent of a spellchecker catching a typo. But this vulnerability was buried in the code's logic: a subtle, hardcoded assumption by the developer that no automated scanner would have flagged. It is the kind of mistake where everything appears correct on the surface, but the underlying reasoning is broken. Imagine a bank vault whose lock works, yet which still opens for anyone who knows about an exception the designer built in without realising it.
That is precisely the type of contradiction AI excels at identifying. "Frontier LLMs excel at identifying these types of high-level flaws and hardcoded static anomalies," the report continued. While these models struggle with complex enterprise authorisation logic, they have "an increasing ability to perform contextual reasoning... and catch the contradictions of its hardcoded exceptions." This capability allows AI to surface dormant logic errors that appear functionally correct to traditional scanners but are broken from a security perspective.
The implications for European cybersecurity are significant. As the continent's digital infrastructure expands, from Berlin's tech hubs to Warsaw's financial networks, the reliance on automated security tools may leave systems exposed. The European Union's recent push for AI regulation, including the AI Act, underscores the need for vigilance. With Europe at risk of an AI dependency trap, the ability to detect such flaws becomes a strategic priority.
Beyond Zero-Day: AI-Driven Threats at Scale
The report paints a broader picture of AI-enabled threats. Chinese and North Korean state-sponsored hackers are using AI to hunt for vulnerabilities at an industrial scale, sending automated prompts to probe weaknesses in everything from home routers to corporate networks. Google observed one North Korean group "sending thousands of repetitive prompts that recursively analyze different CVEs and validate PoC exploits," building what the report calls "a more robust arsenal of exploit capabilities that would be impractical to manage without AI assistance."
Russian-linked groups, meanwhile, are using AI to develop malware that rewrites itself on the fly to evade detection — a capability that previously required significant human expertise. AI is also transforming phishing. Rather than mass-blasting generic emails, attackers now use AI to map corporate hierarchies and identify specific targets with access to sensitive data, generating "higher-fidelity phishing lures tailored to individuals with administrative privileges" that go well beyond "the commodity tactics of traditional bulk phishing."
These developments echo warnings from European leaders. Pope Leo XIV recently warned that the AI arms race fuels a 'culture of power' and modern slavery, while Estonia has cautioned the EU against direct talks with Russia, highlighting the geopolitical dimensions of cyber threats. The Baltic region, in particular, has faced hybrid attacks, and Ursula von der Leyen has warned about Russian hybrid strategies.
The broader shift, Google warns, is from AI as a research tool to AI as an active combatant in the security sphere. "The LLM is no longer merely a passive advisor but an active participant in the offensive chain, capable of orchestrating complex toolsets and making tactical decisions at machine speed." For European governments and businesses, this means that traditional security approaches may no longer suffice. The challenge is not just to patch known vulnerabilities, but to anticipate those that AI can uncover — before attackers do.

