Google Confirms It: Criminal Hackers Are Now Using AI to Hunt Zero-Days
For years, “AI is a double-edged sword” was the kind of thing you said at a conference and nobody pushed back on. Vague. Comfortable. This week, Google made it concrete. In a new threat report, the company says criminal actors are now using AI to find real vulnerabilities in real software — not someday, but right now.
That sentence reorders the security landscape in ways most people haven’t caught up to yet.
What’s actually new in Google’s warning
The headline isn’t “hackers use AI.” Hackers have been using ChatGPT to write phishing emails since 2023. The headline is that AI is now being used to find zero-day vulnerabilities — flaws nobody has disclosed yet, in code that’s running in production.
Here’s why that matters. The unwritten rule of the security industry has always been a time arbitrage: an attacker might burn weeks or months finding one exploitable bug. Meanwhile, defenders patch, audit, ship updates. Time was on the defender’s side.
AI is collapsing that window. A model can sweep hundreds of thousands of lines of code in minutes, flag suspicious patterns, and even draft an exploitation path. Google’s own security team has been using these techniques for defensive research — Project Zero and the OSS-Fuzz team have publicly demonstrated AI-assisted bug discovery. The uncomfortable update is that the same capability is now in criminal hands.
The asymmetry just got worse
Cybersecurity has always been an asymmetric game. Defenders have to plug every hole; attackers only need one. AI tilts that further.
- Defenders audit a finite surface: their own codebase, their own dependencies.
- Attackers can fan out across the entire open-source ecosystem — npm, PyPI, every popular library, every firmware blob — looking for one exploitable mistake.
And AI doesn’t sleep, doesn’t take PTO, doesn’t bill by the hour. One skilled operator can now do the work of a small team. The scenario security researchers have been warning about — the cost of finding a vulnerability falling through the floor — is no longer hypothetical.
The skill floor is dropping fast
The scarier part isn’t the elite end of the spectrum. It’s the bottom.
Finding serious vulnerabilities used to require a rare skill stack: reading assembly, understanding memory layouts, writing fuzzers, knowing what a heap spray even is. That gatekeeping kept most would-be attackers out.
AI assistants are flattening that learning curve. Paste in some C code, ask “what could go wrong here from a security standpoint,” and you get a serviceable answer. Script kiddies — the term of art for hackers who only run other people’s tools — can now generate plausible exploits on their own.
There are already reports of “jailbroken” LLMs circulating on dark web forums, stripped of the safety guardrails that make Claude or GPT refuse malware requests. WormGPT and its successors were early signals. The market for them is growing.
Defenders aren’t standing still
The same arsenal is on the blue team’s side. Google’s OSS-Fuzz project uses AI to proactively find and patch bugs in open-source code before attackers do. Microsoft, Meta, and most of the major cloud providers are building similar AI-augmented security pipelines. GitHub’s Copilot now has security review features baked in.
The whole game becomes a speed race. Can defenders find and patch flaws faster than attackers can find and weaponize them? That question will define the next five years of cybersecurity.
For companies, the boring fundamentals matter more than ever. Patch quickly. Inventory your dependencies. Have a response plan. The window between “vulnerability exists” and “vulnerability is being exploited in the wild” is shrinking toward zero.
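The "inventory your dependencies" step, as an added example that is not from the article or from Google's report: a small Python check that reads a pinned requirements file, normalizes package names, and matches each pin against an advisory list, reporting unpinned entries as inventory gaps. The requirements file and the advisories below are constructed samples, the advisory ids are placeholders (not real CVEs), and real advisory feeds use a richer schema than the three fields (package, introduced, fixed) assumed here.

```python
"""Added example (not from Google's report or the article): a minimal
dependency inventory check for a pinned Python requirements file, matched
against an advisory list. All inputs are constructed samples and the
advisory ids are placeholders, not real CVEs."""
import re
from dataclasses import dataclass

# Constructed sample: the kind of pinned file `pip freeze` produces.
# `certifi` is deliberately left unpinned to show how that is reported.
SAMPLE_REQUIREMENTS = """\
requests==2.25.1
urllib3==1.26.5
# transitive pins follow
Flask==2.3.2
PyYAML==5.3.1
certifi>=2021.1
"""

# Constructed sample advisories: each names a package and the half-open
# version range [introduced, fixed) that is affected. Ids are placeholders.
SAMPLE_ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-001", "package": "requests", "introduced": "0", "fixed": "2.31.0"},
    {"id": "ADV-PLACEHOLDER-002", "package": "pyyaml", "introduced": "5.1", "fixed": "5.4"},
    {"id": "ADV-PLACEHOLDER-003", "package": "flask", "introduced": "0", "fixed": "2.2.5"},
]

PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([0-9][^\s;#]*)")
NAME_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)")


@dataclass(frozen=True)
class Finding:
    package: str
    installed: str
    advisory_id: str
    fixed_in: str


def normalize_name(name):
    """PEP 503-style normalization so 'PyYAML' and 'pyyaml' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def version_key(version, width=4):
    """Map '2.25.1' to a zero-padded tuple (2, 25, 1, 0) for ordering.
    A trailing non-numeric segment such as 'rc1' is dropped, which is
    deliberately conservative: a pre-release sorts like its release."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    parts = parts[:width] + [0] * (width - len(parts))
    return tuple(parts)


def parse_requirements(text):
    """Return ({normalized_name: version}, [unpinned_names]).
    Only exact '==' pins count as inventoried; anything else is a gap."""
    pinned, unpinned = {}, []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = PIN_RE.match(stripped)
        if m:
            pinned[normalize_name(m.group(1))] = m.group(2)
            continue
        n = NAME_RE.match(stripped)
        if n:
            unpinned.append(normalize_name(n.group(1)))
    return pinned, unpinned


def is_affected(installed, introduced, fixed):
    """True when introduced <= installed < fixed."""
    v = version_key(installed)
    return version_key(introduced) <= v < version_key(fixed)


def find_affected(requirements_text, advisories):
    """Cross the inventory with the advisory list; returns sorted Findings."""
    pinned, _ = parse_requirements(requirements_text)
    findings = []
    for adv in advisories:
        name = normalize_name(adv["package"])
        installed = pinned.get(name)
        if installed is None:
            continue
        if is_affected(installed, adv["introduced"], adv["fixed"]):
            findings.append(Finding(name, installed, adv["id"], adv["fixed"]))
    return sorted(findings, key=lambda f: (f.package, f.advisory_id))


if __name__ == "__main__":
    _, gaps = parse_requirements(SAMPLE_REQUIREMENTS)
    for f in find_affected(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES):
        print(f"{f.package}=={f.installed}: {f.advisory_id}, fixed in {f.fixed_in}")
    for name in gaps:
        print(f"{name}: not pinned, cannot be checked")
```

Run against the sample, it flags `requests` and `pyyaml`, passes `flask` (already past the fixed version), and lists `certifi` as a gap because an unpinned dependency cannot be matched to any version range; in practice the same shape of check belongs in CI so a new advisory fails the build rather than waiting for a quarterly audit.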
What this means for everyone else
Honestly, individuals can’t do much about the macro shift. But the basics now carry more weight than they used to.
Turn on automatic updates for your OS and apps. Enable two-factor authentication, ideally with an authenticator app or hardware key rather than SMS. Stop reusing passwords — get a password manager. None of this is new advice. The difference is that the cost of ignoring it is climbing.
We’ve crossed a line where the discovery of security flaws is starting to leave human hands entirely. Google’s report isn’t a warning that AI could be dangerous. It’s confirmation that it’s already being used as a weapon. The interesting question isn’t whether this changes things — it already has. It’s which regulatory and industry responses show up before the gap widens further.