Google Catches Hackers Using AI to Find a Zero-Day Before Anyone Else
2026-05-13
“Google's Threat Intelligence Group says they spotted the first known case of attackers weaponizing AI to discover a zero-day vulnerability. The good news is they caught it. The other news is that this is now a thing.”

For years the AI security conversation has been theoretical. Could attackers use models to find vulnerabilities at scale? Could defenders keep up? Google's Threat Intelligence Group just answered the first question with a yes and the second question with a maybe. They identified what they describe as the first documented case of an AI assisted zero-day discovery in the wild and apparently stopped the planned mass exploit before it landed.
The technical details are sparse, which is normal for incidents like this. What matters is the precedent. A capable model, a creative attacker, and enough compute can now do in days what used to take a serious research team weeks. The defenders won this round because Google has the visibility of literally most of the internet and the model talent to match. That is not a generalizable advantage.
Every CISO with a budget meeting next week just got a new slide. Every vendor selling AI for offensive security testing just got a new pitch deck. And every dev team running outdated dependencies got a new reason to actually patch this time.
- Google Threat Intelligence Group publicly documented the incident
- Attackers reportedly used AI to discover a previously unknown vulnerability
- Google says it intervened before a planned mass exploitation event
- Technical details remain limited to protect ongoing investigations
- This is being described as the first publicly documented case of its kind
- Industry response includes accelerated investment in AI assisted defense tooling
- 01
The first documented attack is also the first documented defense. Google's disclosure gives the industry a real playbook instead of vibes. AI for defense is no longer a future bet. It is table stakes, and now everyone has permission to fund it.
- 01
Anyone still treating AI security as a thought experiment. Vendors selling 2022 era pentest tooling. And every infosec team without a budget to match what attackers can now spin up on a credit card.
No meter. No surprises.
The story isn't Copilot. It's the meter. Here is the calmer way to get your code reviewed.
- Flat price for the Full Suite. No usage meter, no month-end surprise.
- Free CLI: 90 roasts a month, no account needed.
- Privacy-first: a dry-run shows the exact payload, and your secrets never leave your machine.
Works in Claude Code, Cursor and Windsurf via MCP. Open source, and proud of it.
Got something the world should see roasted? Drop it.
A full teardown from €2,99. No mercy.