Google Cloud Threat Intelligence (GTIG) published a report describing how attackers are using AI to accelerate vulnerability exploitation and gain initial access to cloud environments, including Google Cloud. GTIG identified the first known zero-day exploit believed to be AI-developed, targeting an open-source web administration tool and intended for a mass exploitation event before being disrupted. The report also documents abuse of exposed Google Cloud API keys to reach Gemini AI endpoints, and tracks a threat cluster designated TeamPCP (UNC6780) targeting AI software dependencies as an initial-access vector with follow-on ransomware activity. Google notes attackers are exploiting newly disclosed vulnerabilities within hours of publication and increasingly focus on APIs, SaaS, developer platforms, and AI services rather than credential theft. Recommended actions include tightening API key hygiene, monitoring AI service account usage, and shortening patch windows.
- Google warns artificial intelligence is accelerating cyberattack(opens in a new tab)
- Google Warns Hackers Are Using AI to Create Working Zero-Day Exp(opens in a new tab)
- Google Detects First AI-Developed Zero-Day Exploit Used by Threa(opens in a new tab)
- What Security Leaders Say About the First AI-Developed Zero-Day (opens in a new tab)
- Google Cloud Uncovers First AI-Made Zero-Day Exploit, Putting CX(opens in a new tab)
- Google confirms hackers used AI to create zero-day exploit bypas(opens in a new tab)