What you need to know about Google’s AI exploit discovery

Adversaries using AI to exploit vulnerabilities, especially zero-day ones, are a growing threat for organizations, suggest experts.

A recent publication by Google’s Threat Intelligence Group (GTIG) has identified its first criminal threat actor who allegedly developed and leveraged a zero-day exploit with the help of AI, with plans for a “mass exploitation event.” However, Google was able to thwart the attempt through “proactive counter discovery.”

Amy Mushahwar, Lowenstein Sandler’s partner and chair of the data privacy, security, safety, and risk management team, as well as former CISO for ZwillGen, told IT Brew that GTIG’s discovery is a “new application of a very old problem.”

“Certainly, large-scale systems and bottleneck systems are at risk, and especially in an AI-based environment where discovery of zero days especially, is a little scary,” Mushahwar said.

Bigger tech companies, including platform hosts, “should be paying especially good attention to Google’s announcement,” she added.

Multiple bypass. According to GTIG, cyberattackers reportedly used AI to “support the discovery and weaponization” of a zero-day vulnerability in a Python script that allows users to bypass multi-factor authentication on a web-based and popular open-source system administration tool. GTIG said that it doesn’t believe that Google’s Gemini was used in the attack.

“The vulnerability can be classified as a [two-factor authentication] bypass, though it requires valid user credentials in the first place,” GTIG wrote. “It stems not from common implementation errors like memory corruption or improper input sanitization, but a high-level semantic logic flaw where the developer hardcoded a trust assumption.”

GTIG claims it found multiple threat actors experimenting with AI to produce malware and other tools. Additionally, the group shared that threat actors are moving past developing tools and generating content, and instead have begun to rely on LLMs for live decision-making and “interactive system navigation.”

“By integrating LLMs into malware operations, attackers can enable payloads to act autonomously, independently interacting with the victim environment or device, synthesizing system states and executing precise commands devoid of human supervision,” the study said.

What professionals should do about it. Professionals should make sure that their current patch environment includes risk acceptances, or the acknowledgment that potential cybersecurity threats could impact an organization. Since AI is a “vulnerability discovery accelerator,” Mushahwar explained that an enterprise should go back to basics to ensure that an organization isn’t an easy target.

“Go back to basics and make sure that your risk environment makes sense and those acceptances make sense,” Mushahwar said. “If you have the ability to be able to retain a vendor in order to get your enterprise scanned by frontier [AI] models, it’s a very good idea right now.”