-
Google’s Threat Intelligence Group caught and likely stopped a hacker group that used AI tools to plan a large-scale software vulnerability attack.
-
The hackers used an AI model called OpenClaw to find and exploit a zero-day flaw capable of bypassing two-factor authentication.
-
Anthropic and OpenAI are both navigating the dual-use risk of AI in cybersecurity, with new model releases drawing intense industry scrutiny.
Hackers are now using artificial intelligence to hunt for software weaknesses, and they nearly pulled off something significant.
Google’s Threat Intelligence Group (GTIG) published a report on Monday revealing that it caught and likely stopped a hacker group from executing what it called a “mass vulnerability exploitation operation.”
The incident stands as one of the clearest examples yet of AI being turned into a weapon against the very infrastructure it was meant to protect.
Hackers turn AI into a cyberweapon
GTIG said it holds strong confidence that it recorded hackers using an AI model to identify and exploit a zero-day vulnerability, a software flaw that developers have no prior knowledge of and therefore no patch for. The attackers used that flaw to build a method for bypassing two-factor authentication, one of the most widely trusted security measures online today.
According to Google, the criminal group planned to deploy the exploit across multiple systems at once in a coordinated attack. Google’s early detection of the operation may have prevented the plan from moving forward. The company did not name the hacker group in its report but confirmed that its own Gemini AI model played no role in the attack.
The tool the hackers relied on was OpenClaw, an AI model that cybercriminals are increasingly turning to for vulnerability discovery and malware development.
Google’s report flagged several examples of hacker groups using OpenClaw to scan for software weaknesses, build attack tools, and launch live cyberattacks.
Groups with ties to China and North Korea, the report noted, showed particularly strong interest in using AI for this kind of offensive security research.
AI model releases spark industry-wide security debate
The timing of Google’s findings lands in the middle of a broader industry reckoning over how AI companies release powerful models to the public. In April, Anthropic held back the launch of its Mythos model after concerns emerged that bad actors could use it to identify and exploit decades-old software vulnerabilities.
The decision sent a jolt through the industry and triggered direct meetings between technology leaders and the White House.
Anthropic has since moved cautiously, releasing Mythos to a limited circle of trusted testers. Apple, CrowdStrike, Microsoft, and Palo Alto Networks are among the companies with current access. The approach reflects a wider strategy of controlled exposure, giving cybersecurity experts time to assess the model’s risk profile before any broader rollout.
OpenAI also stepped into this space last week, announcing that GPT-5.5-Cyber (a variant of its newest model built specifically for security applications) is now live in a confined preview to web security teams that are vetted.
The company is threading a careful needle, trying to arm defenders with cutting-edge tools without handing the same advantage to those who would misuse them.
What this means for organizations and everyday users
The bigger picture here is difficult to ignore. Cybersecurity firms pour billions into stronger defenses every year, but AI is giving attackers a faster, cheaper way to outpace those investments.
The scale of the threat is staggering. Fake Chrome extensions recently stole data from over 300,000 users, a reminder that while AI-powered zero-day exploits grab headlines, more traditional attack methods remain incredibly effective at scale.
Finding zero-day vulnerabilities once required deep technical skill and significant time. AI tools are compressing that timeline and putting those capabilities within reach of a much wider range of threat actors.
Google’s interception of this particular operation is a meaningful win, but it also functions as a warning. Organizations should prioritize patching systems regularly, enforcing strong access controls, and monitoring for unusual authentication activity. Two-factor authentication remains a valuable layer of defense, though this incident makes clear it is not unbreakable.
For everyday users, the risk is less immediate but still real. Breaches that begin at the infrastructure level eventually reach personal data. Using unique passwords across accounts, enabling security alerts, and staying alert to suspicious activity remain the most reliable first lines of defense.
AI was designed to make the digital world easier to navigate. In the wrong hands, it is making that world considerably more dangerous.
