(Bloomberg) — Security researchers at Alphabet Inc.’s Google said they believe a cybercrime group used artificial intelligence to create a hacking tool that can bypass defenses in a widely-used tool to administer computer systems.
Most Read from Bloomberg
The scheme, which was foiled when Google alerted the tool developer, would mark the first time that Google’s Threat Intelligence Group caught a hacker using an AI-generated “zero-day” in such a way, according to a report published Monday. Zero-day vulnerabilities are flaws unknown to the developer, leaving defenders no time to patch before they can be exploited.
Google said it has “high confidence” that AI was used to help discover and weaponize the exploit.
The company declined to name the cybercrime group, the impacted software or the large language model that was used in the attempted attack. However, a spokesperson said researchers don’t believe the exploit was created using Anthropic PBC’s Mythos or Google’s own model, Gemini.
The company also wouldn’t say when the exploit was discovered other than it was “recent.”
Anthropic said in April it wouldn’t widely release its new model, Mythos, because the way it used AI to identify and exploit software flaws posed a national security risk. Since then, the White House has moved to address potential malicious use of large language models, and government officials have held emergency meetings with technology and industry leaders.
Google researchers said their findings suggest such threats are already a reality.
The hacking group used a AI model to find a previously unknown flaw in the tool, according to the report. That flaw could be used to bypass multifactor authentication, a security protection often added in addition to a password, to gain access to the internal networks of organizations using the software.
Google alerted the tool’s developer, who fixed the issue before hackers could deploy it against users, the report said.
Businesses use web-based system administration tools to configure and manage servers, websites and applications remotely. This includes managing security settings, employee accounts and the permissions those accounts have to access systems and data.
Explainer: Why Are Cyberattacks on the Rise? What Can Be Done?
