Close Menu
Daily Guardian EuropeDaily Guardian Europe
  • Home
  • Europe
  • World
  • Politics
  • Business
  • Lifestyle
  • Sports
  • Travel
  • Environment
  • Culture
  • Press Release
  • Trending
What's On

Moldova nominates businessman to be new PM – POLITICO

July 11, 2026

Apple sues OpenAI over alleged theft of trade secrets – here’s what to know

July 11, 2026

Zelenskyy sets up new unit to strike deep into Russia – POLITICO

July 11, 2026

Ein Spaziergang mit Patrick Schnieder – POLITICO

July 11, 2026

Russian missile strikes on Kyiv injure at least 11

July 11, 2026
Facebook X (Twitter) Instagram
Web Stories
Facebook X (Twitter) Instagram
Daily Guardian Europe
Newsletter
  • Home
  • Europe
  • World
  • Politics
  • Business
  • Lifestyle
  • Sports
  • Travel
  • Environment
  • Culture
  • Press Release
  • Trending
Daily Guardian EuropeDaily Guardian Europe
Home»Lifestyle
Lifestyle

Hackers are using AI to find security flaws no scanner can catch, Google warns

By staffMay 27, 20264 Mins Read
Hackers are using AI to find security flaws no scanner can catch, Google warns
Share
Facebook Twitter LinkedIn Pinterest Email

Published on
27/05/2026 – 8:12 GMT+2

Artificial intelligence has made it easier to write emails, generate spreadsheets and plan holidays, as the widespread popularity of the various AI models can attest.

It has also, according to a recent Google report, made it considerably easier to figure out previously unmapped or impossible-to-predict gaps in the software of our systems.

Google’s Threat Intelligence Group said it had for the first time caught hackers using AI to discover and exploit a so-called zero-day vulnerability, or a security flaw the software’s developer does not yet know exists and for which no fix is available.

The target was a popular web-based system administration tool and the flaw allowed attackers to bypass two-factor authentication, that second layer of security most people believe keeps their accounts safe.

Google said it spotted the attack before it could be deployed at scale and quietly alerted the software vendor.

“The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use,” the report noted.

“Threat actors associated with the People’s Republic of China (PRC) and the Democratic People’s Republic of Korea (DPRK) have also demonstrated significant interest in capitalizing on AI for vulnerability discovery.”

A crack developers failed to see

The zero-day vulnerability is not a conventional flaw. Traditional security scanners look for crashes and memory errors, the software equivalent of a spellchecker looking for the digital equivalent of a typo – but this vulnerability was buried in the logic of the code, a subtle hardcoded assumption by the developer that no automated scanner would have caught.

It is the kind of mistake where everything looks correct on the surface but the underlying reasoning is broken. Think of a bank vault with a working lock that nonetheless opens for someone who knows the exception exists because the designer, without realising it, built one in.

That is exactly the kind of contradiction AI is good at finding. “Frontier LLMs excel at identifying these types of high-level flaws and hardcoded static anomalies,” the report continued.

Though frontier LLMs struggle to navigate complex enterprise authorisation logic, “they have an increasing ability to perform contextual reasoning… and [catch] the contradictions of its hardcoded exceptions”, it concluded.

This capability can allow models to surface dormant logic errors that appear functionally correct to traditional scanners but are broken from a security perspective.

Not just one trick

While the zero-day vulnerability was the main finding, the full report makes for uncomfortable reading.

Chinese and North Korean state-sponsored hackers are using AI to hunt for vulnerabilities at an industrial scale, sending automated prompts to probe for weaknesses in everything from home routers to corporate networks.

Google observed one North Korean group “sending thousands of repetitive prompts that recursively analyze different CVEs and validate PoC exploits”, building what the report calls “a more robust arsenal of exploit capabilities that would be impractical to manage without AI assistance”.

Russian-linked groups, meanwhile, are using AI to develop malware that rewrites itself on the fly to evade detection, a capability that previously required significant human expertise.

AI is also transforming phishing. Rather than mass-blasting generic emails, attackers are now using AI to map corporate hierarchies and identify specific targets with access to sensitive data and generate “higher-fidelity phishing lures tailored to individuals with administrative privileges”, in the report’s words, that go well beyond “the commodity tactics of traditional bulk phishing”.

The broader shift, Google warns, is from AI as a research tool to AI as sort of active combatant in the security sphere.

“The LLM is no longer merely a passive advisor but an active participant in the offensive chain, capable of orchestrating complex toolsets and making tactical decisions at machine speed.”

Google’s own AI tools flagged the zero-day before it could cause damage, which is the silver lining here. The company is deploying AI agents itself to find and patch vulnerabilities faster than human teams could manage.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Keep Reading

Apple sues OpenAI over alleged theft of trade secrets – here’s what to know

News outlets seek sanctions against OpenAI in copyright battle

AI for Good summit takes place in Geneva as countries debate global governance

Artemis II astronauts reunite with Orion after record-breaking Moon mission

Meta plans biggest AI data centre outside US in Canada with $9.1bn investment

French watchdog orders Meta back to press payment talks after copyright deals expire

AI’s biggest World Cup star? It’s a fake Erling Haaland

OpenAI, Meta and SpaceXAI push new AI models in a week of major releases

Could your skincare contain microplastics?

Editors Picks

Apple sues OpenAI over alleged theft of trade secrets – here’s what to know

July 11, 2026

Zelenskyy sets up new unit to strike deep into Russia – POLITICO

July 11, 2026

Ein Spaziergang mit Patrick Schnieder – POLITICO

July 11, 2026

Russian missile strikes on Kyiv injure at least 11

July 11, 2026

Subscribe to News

Get the latest Europe and world news and updates directly to your inbox.

Latest News

Police surround Berlin supermarket after woman taken hostage

July 11, 2026

Video. Spain fans celebrate World Cup semi-final place after Belgium win

July 11, 2026

Video. Famed fashion designer Martin Margiela auctions off personal archives

July 11, 2026
Facebook X (Twitter) Pinterest TikTok Instagram
© 2026 Daily Guardian Europe. All Rights Reserved.
  • Privacy Policy
  • Terms
  • Advertise
  • Contact

Type above and press Enter to search. Press Esc to cancel.