Google Thwarts AI-Powered Mass Exploitation Plot by Hackers
Google’s Threat Intelligence Group (GTIG) revealed on Monday that it disrupted a hacking operation leveraging artificial intelligence to plan a large-scale exploitation of a zero-day vulnerability. The attackers aimed to bypass two-factor authentication (2FA) by using an AI model to identify and weaponize an undisclosed software flaw, though Google confirmed its own Gemini model was not involved.
The company stated it had "high confidence" in its findings, suggesting the proactive detection may have prevented the attack before it could be executed. The hacker group behind the operation was not named.
The incident highlights a growing trend: cybercriminals are increasingly turning to AI tools like OpenClaw to automate vulnerability discovery, accelerating the pace and scale of attacks. Google’s report noted that state-linked groups from China and North Korea have shown particular interest in AI-driven exploitation, signaling a shift in cyber warfare tactics.
This development follows industry concerns over AI’s dual-use potential. In April, Anthropic delayed the release of its Mythos model due to fears it could be misused to uncover legacy vulnerabilities, prompting high-level discussions with the White House and tech leaders. The model was later released to a restricted group of testers, including Apple, CrowdStrike, Microsoft, and Palo Alto Networks.
Meanwhile, OpenAI has begun rolling out GPT-5.5-Cyber, a specialized version of its latest model, to vetted cybersecurity teams in a limited preview. The move reflects efforts to balance AI innovation with security risks as threat actors refine their techniques.
Google TPRM report: https://www.rankiteo.com/company/google
"id": "goo1778567308",
"linkid": "google",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology/Internet',
                        'name': 'Google',
                        'type': 'Technology Company'}],
 'attack_vector': 'AI-powered vulnerability discovery',
 'description': 'Google’s Threat Intelligence Group (GTIG) disrupted a hacking '
                'operation leveraging artificial intelligence to plan a '
                'large-scale exploitation of a zero-day vulnerability. The '
                'attackers aimed to bypass two-factor authentication (2FA) by '
                'using an AI model to identify and weaponize an undisclosed '
                'software flaw. The hacker group behind the operation was not '
                'named.',
 'investigation_status': 'Disrupted before execution',
 'lessons_learned': 'Cybercriminals are increasingly using AI tools to '
                    'automate vulnerability discovery, accelerating the pace '
                    'and scale of attacks. State-linked groups from China and '
                    'North Korea have shown interest in AI-driven '
                    'exploitation.',
 'motivation': 'Bypass two-factor authentication (2FA)',
 'post_incident_analysis': {'root_causes': 'AI-powered vulnerability discovery '
                                           'by threat actors'},
 'references': [{'source': 'Google Threat Intelligence Group (GTIG) report'}],
 'response': {'communication_strategy': 'Public disclosure via report',
              'incident_response_plan_activated': 'Proactive detection and '
                                                  'disruption'},
 'title': 'Google Thwarts AI-Powered Mass Exploitation Plot by Hackers',
 'type': 'Zero-day exploitation',
 'vulnerability_exploited': 'Undisclosed zero-day vulnerability'}