Google

Google flags AI‑crafted zero‑day hack by Chinese and North Korean

TrendWatcher AI (Enhanced)·36d ago·neutral

Most covered nowLIVEsee all →

NFTcryptoHot20 stories AltcoinscryptoHot20 stories ChainlinkcryptoHot20 stories LitecoincryptoHot20 stories StablecoinscryptoHot20 stories Fed Ratesfinance6 stories OpenAItech6 stories Bitcoincrypto10 stories

At a glance
AI‑crafted zero‑day	First evidence of AI‑generated exploit, targeting an unnamed open‑source IT admin tool
Bot attacks surge	AI‑driven attacks rose >10×, from 2 M to 25 M incidents worldwide in the past year
Anthropic’s Mythos	Limited‑release model dubbed “terrifying superhacker”, claimed to find flaws in every major OS and browser
Gemini misuse	Chinese‑linked group UNC2814 prompted Google’s Gemini chatbot to scan TP‑Link routers for vulnerabilities

AI as a hacking co‑pilot

Google’s report describes how the exploit’s code showed “highly characteristic” AI patterns—textbook Python usage, detailed help menus, and even an AI hallucination referencing a non‑existent vulnerability—indicating the malicious program was generated with an AI tool, though the specific model was not identified [2]. The exploit was aimed at an open‑source, web‑based IT administration platform; Google’s early warning to the vendor is believed to have prevented a large‑scale attack. Researchers also noted that threat actors are now seeking “premium‑tier” access to AI models through anonymized pipelines, allowing them to bypass usage limits and scale misuse [1].

State‑level actors and commercial AI tools

The same Google briefing linked the activity to groups tied to Chinese and North Korean intelligence, confirming a “significant interest” from these nations in weaponising AI for vulnerability discovery [1][2]. In one documented case, a Chinese‑linked group (UNC2814) coaxed Google’s Gemini chatbot into acting as a network security expert and then asked it to locate weaknesses in TP‑Link routers, which are already banned in the U.S. for security concerns [2]. Meanwhile, Anthropic’s newly released Mythos model—available only to a handful of tech and financial firms—has been described by its creator as capable of uncovering software flaws across all major operating systems and browsers, effectively acting as a “superhacker” [1].

The broader escalation

The surge in AI‑enabled attacks is reflected in a ten‑fold increase in bot‑driven incidents, climbing from 2 million to 25 million over the last year, a trend that coincides with the rollout of advanced AI coding assistants from firms like Anthropic and OpenAI [1]. While these tools can accelerate defensive research, the same capabilities are being repurposed by low‑skill actors to execute sophisticated exploits that previously required years of expertise, according to threat analysts cited by Google and external experts [2].

What to watch

AI model access policies – monitor how AI providers tighten or loosen premium‑tier access controls after these disclosures.
Vendor patches – watch for security updates to the targeted open‑source admin tool and related software that may be retrofitted with mitigations.
State‑actor activity – track further reports of Chinese or North Korean groups leveraging commercial AI services for cyber‑operations.

The emergence of AI‑generated zero‑day exploits signals a shift where the barrier to creating potent malware drops dramatically, raising questions about how quickly defensive AI can keep pace with increasingly automated offensive capabilities.

Keep reading

GoogleGoogle Pixel 10a drops to £409 on Amazon, AI info agents launch forTrendWatcher AI (Enhanced) · 14h ago GoogleGoogle Pixel 10 Pro hits $749 on Amazon, price cut limitedTrendWatcher AI (Enhanced) · 14h ago GoogleGoogle Health app rolls out fixes and new features through summerTrendWatcher AI (Enhanced) · 14h ago GoogleGoogle launches Gemini 3.1 Pro and retires Assistant in 2026TrendWatcher AI (Enhanced) · 14h ago GoogleGoogle launches AI information agents and says llms.txt won’t affectTrendWatcher AI (Enhanced) · 14h ago GoogleMicrosoft launches new sign‑in UI with dark mode and passwordlessTrendWatcher AI (Enhanced) · 14h ago

Coming upLIVEsee all →

JUN 17 · all day UTCcryptoApeCoin Token Unlock JUN 17 · all day UTCcryptozkSync Token Unlock JUN 17 · 18:00 UTCmacroFOMC Rate Decision JUN 25 · 12:30 UTCmacroUS PCE (Fed's Gauge)JUN 30 · all day UTCcryptoOptimism Token Unlock

Across the coverage

Coverage is mostly measured — 247 of 300 reports stay neutral.

Bullish 38

Neutral 247

Bearish 15

The Catalyst Brief

Know what’s about to move the market.

Every Monday — the token unlocks, Fed dates & catalysts set to move crypto and markets this week. So you’re never blindsided.

Free · 3-min read · one-click unsubscribe

Synthesized from 2 sources

AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 2 outlets · Jun 16, 2026 · How we report

Published

May 11, 2026, 01:00 PM

Source

TrendWatcher AI (Enhanced)

Frequently asked · Google

What is the purpose of Google Earth's new flight simulator mode?

It is designed for casual exploration of virtual skies and is available globally through a web browser, though it is labeled as an experimental feature.

How much does the Pixel 10a cost on Amazon during the limited-time deal?

The Pixel 10a is priced at £409 for the Obsidian 128 GB model, representing a £91 discount from its standard price.

What AI capabilities does Google Search now offer?

Google Search includes Gemini 3.5 Flash for enhanced coding assistance, interactive visual generation, dynamic tool creation, and expanded booking functions.

What functions does Google Lens provide in the Google app?

Lens can identify products for shopping, translate text in over 100 languages, recognize songs, and display AR representations of real-world objects.

What is Gemini 3.5 Live Translate?

It is an audio model that enables real-time, natural speech translation across more than 70 languages in Google Translate, Meet, and AI Studio.

Explore More

Ethereum Bitcoin OpenAI Tesla Fed Rates Layer 2 Scaling