First AI-developed ‘zero-day’ exploit discovered as AI threats become top concern

MANILA, Philippines – At the end of 2025, researchers found that the common AI tools that people use for productivity could also be used to aid in cyberattacks. These tools lowered the skill barrier for attackers, helping them write more sophisticated phishing emails, understand vulnerabilities, and create harmful code. 

On Tuesday, May 12, Google’s Threat Intelligence Group (GTIG) published its latest report on key developments that signal rising sophistication in terms of how AI is used in cyberattacks. 

The top finding was a “zero-day exploit” that is said to be the first one to have been developed with the aid of AI.

A zero-day exploit is an unpatched vulnerability that is being seen for the first time. To the attacker, it’s an opening that it can exploit to gain entry into the system. 

The vulnerability that GTIG found could have potentially enabled the attacker to “bypass two factor-authentication (2FA) on a popular open-source web-based administration tool.” 

The group found that “prominent cyber threat actors” were partnering to exploit it, but it worked with the unnamed “impacted vendor” to disclose the exploit, and disrupt the potential attack. 

“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” it said, adding that it has “high confidence” that the potential attacker used an AI model to find and weaponize the vulnerability. 

It identified threat actors from China and North Korea that have “demonstrated significant interest in capitalizing on AI for vulnerability discovery.”

One method is by training an LLM with real-world vulnerability cases. A threat actor was discovered to have inputted a database of 85,000 of the said cases that were originally collected on the Chinese bug bounty platform WooYun between 2010 and 2016. 

The threat actor fed the data into the LLM, which allowed it to “steer the model to approach code analysis like a seasoned expert and identify logic flaws.” 

Automation via AI is also a trend that GTIG is seeing happening on a larger scale. 

Agentic AI or AI that is able to perform various tasks automatically on behalf of a human user has been a buzzword as of late — and it’s something that has reached cyber attackers as well. 

GITG found a “sophisticated shift” toward agentic AI-enabled attacks that basically allow attackers to automate a lot of tasks. 

In the group’s analysis of an attack against an unnamed Japanese tech firm and “prominent” East Asian cybersecurity platform, the threat actor used a set of tools that allowed the automation of the “identification and validation of vulnerabilities,” along with the ability to switch between tools for reconnaissance based on the AI’s own internal reasoning. 

This creates a larger, more persistent attack surface that lessens human oversight. 

GTIG said, “…the LLM is no longer merely a passive advisor but an active participant in the offensive chain, capable of orchestrating complex toolsets and making tactical decisions at machine speed.” 

The full report, found here, has more information on these newly discovered AI-based cyberattack strategies. 

Solutions vs. AI attacks

While the developments outlined by GTIG point to increasingly sophisticated AI-enabled cyberattacks, cybersecurity firms say AI can also strengthen defenses when used properly.

At the Accelerate Asia Pacific 2026 Philippines briefing also held on May 12, Fortinet said AI-driven threats have rapidly become a top concern among organizations in the region.

The findings came from Fortinet’s annual Accelerate report, which surveyed 585 chief information security officers (CISOs) and senior cybersecurity leaders across the Asia-Pacific region, including more than 50 cybersecurity leaders from the Philippines representing various industries.

According to the report, 57% of Philippine cybersecurity leaders now consider AI-driven threats as their top cybersecurity concern — a sharp increase in the past 5 months, according to Rashish Pandey, the firm’s VP for communications and marketing in Asia-Pacific. 

One major issue is “tool fragmentation,” wherein companies use dozens of disconnected cybersecurity tools simultaneously. According to Fortinet, many organizations in the Philippines use between 20 and 40 different security tools, creating “alert overload” that makes it harder for security teams to respond quickly to threats.

Another concern is the persistent cybersecurity skills gap — a long-time issue. Companies are not only struggling to hire cybersecurity professionals in general, but are now also looking for workers with specialized AI security knowledge.

The rise of “shadow AI” is also becoming a concern for organizations. This refers to employees using AI tools such as OpenAI’s ChatGPT or Anthropic’s Claude without the knowledge of their IT departments, potentially exposing sensitive company data.

To address these issues, Fortinet said the organizations surveyed are looking to spend more, with 70% of organizations planning to increase cybersecurity spending, particularly on AI-enabled security tools and workforce training. “More than 60% expect AI to improve detection accuracy, accelerate response, and strengthen overall security posture,” Fortinet said.

They also described an emerging “humans on the loop” approach to AI security. In this setup, AI systems and agentic AI can automatically handle certain cybersecurity tasks and communicate with other AI systems, while human analysts continue supervising important decisions and intervening when necessary.

Country manager Bambi Escalante said, “AI will not replace human when it comes to cybersecurity. Human beings will always be needed in terms of judgment and oversight.” 

“The bad guys work together, the good guys need to work together as well…[we need to] have an ecosystem approach to cybersecurity,” said Pandey. – Rappler.com