Google: Cyberattack based on an AI-found zero-day vulnerability averted

For weeks there have been warnings that malicious cyber actors could soon find and exploit security vulnerabilities with the help of AI. Now it is really happening.

(Image: Google logo above a building entrance; Schager/Shutterstock.com)

Google has reportedly prevented a cyberattack that would have relied on a zero-day vulnerability found with the help of AI. The Google Threat Intelligence Group has now made this public, without providing many details. According to its account, the flaw was a security vulnerability in a Python script that would have allowed a user to bypass the two-factor authentication of "a popular open-source, web-based system administration tool". The vulnerability was reported to the affected vendor under responsible disclosure, and the associated activity was stopped. Google assumes that the vulnerability was not discovered with its own AI model, Gemini.

Google's security researchers also have no direct proof that the vulnerability was found with the help of AI; they infer it from several indications. For example, the malicious code contains a large amount of descriptive information, a made-up CVSS score, and a "structured, textbook Pythonic format highly characteristic of LLM training data". At the same time, it is a type of vulnerability that would have been very difficult to find with conventional tools. AI models, however, "excel" at finding such flaws, uncovering hidden logic errors "that appear functionally correct to traditional scanners but are strategically broken from a security perspective".


Google's announcement suggests that the era of AI-powered cyberattacks warned about for weeks may have begun, and how it will unfold is unclear. The warnings were prompted primarily by the AI model Claude Mythos Preview, which is said to be so good at finding vulnerabilities that its maker, Anthropic, does not want to release it. Instead, only selected companies have access, and they are supposed to use it to improve IT security. As a direct consequence, a particularly large number of vulnerabilities have recently been found and fixed in some software. Mozilla even believes that all software errors are fundamentally discoverable and that defense could win. That is still a long way off, however, and Google's statement indicates that malicious cyber actors can now use similar tools.

(mho)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.