Google Utilizes AI to Counter Hackers Targeting Companies' Digital Vulnerabilities

Google Disrupts AI-Driven Cyberattack, Highlighting Growing Concerns

Google has disrupted a recent attempt by a criminal group to use artificial intelligence (AI) to exploit a previously unknown digital vulnerability in another company's system. This incident adds to the growing concerns across government and private industry about the risks of AI for cybersecurity.

The attack, which was uncovered by Google's threat intelligence arm, represents a moment that cybersecurity experts have warned about for years: malicious hackers arming themselves with AI to supercharge their ability to break into the world's computers. According to John Hultquist, chief analyst at Google's threat intelligence arm, "It's here. The era of AI-driven vulnerability and exploitation is already here."

The incident comes at a time when AI's ability to find vulnerabilities is increasing rapidly, including the recent announcement of the Mythos model by Anthropic. In response, President Donald Trump's White House has shifted its approach to vetting the most powerful AI models before their public release.

Read also: Treasury Yields Experience Largest Increase in Two Weeks Following Release of Labor Market Data

Government Oversight in Question

After repealing Democratic President Joe Biden's guardrails around the fast-developing technology, the Republican administration and its allies are now sending mixed signals about the government playing a larger role in AI oversight. Dean Ball, a senior fellow at the Foundation for American Innovation and a former White House tech policy adviser, believes that regulation is necessary in this case. "I don't like regulation," Ball said. "I would prefer for things not to be regulated. But I think we need to in this case."

AI-Driven Cyberattacks on the Rise

Google said it observed a group of prominent threat actors planning a big operation relying on a bug they had found. The vulnerability allowed them to bypass two-factor authentication to access a popular online system administration tool, which Google declined to name. The company called it a zero-day exploit, a cyberattack that takes advantage of a previously unknown security vulnerability. Google said it notified the affected company and was able to disrupt the operation before it caused any damage.

Read also: US-Iran Tensions Spark Uptick in Oil Prices Amid Global Market Decline

However, as it traced the hackers' footprints, Google found evidence that they had used an AI large language model to discover the vulnerability. The company didn't reveal which AI model was used in the cyberattack, but said that it was most likely not Google's own Gemini or Anthropic's Claude Mythos. Google also didn't reveal which group it suspected in the attack, but said that there was no evidence it was tied to an adversarial government.

Racing Against the Clock

According to Hultquist, the use of AI in cyberattacks has created a race between cybersecurity experts and hackers. "There's a race between you and them to stop them before they can essentially get whatever data they need to extort you with, or launch ransomware," he said. "AI is going to be a huge advantage because they can move a lot faster."

Uncertainty Surrounds Government Response

The Trump administration's announcement of new agreements with Google, Microsoft, and Elon Musk's xAI to evaluate their most powerful AI models before their public release has raised questions about the government's role in AI oversight. However, the announcement later disappeared from the Commerce Department website, leaving many wondering about the government's stance on AI regulation.

In the meantime, Ball believes that AI tools that are increasingly good at coding will make us safer from routine cyberattacks in the long term. However, he also warns that there are "untold trillions of lines of software code" supporting the world's computing systems that are at risk if AI tools are unleashed to exploit all of their bugs.