Google Detects First AI-Generated Zero-Day Attack Code Used by State-Backed Hackers


The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Google's Threat Intelligence Group identified the first known case of AI-generated zero-day exploit code, used in attempted cyberattacks by state-backed groups from North Korea, China, and Russia. AI systems autonomously developed and tested attack scripts, increasing the scale and sophistication of cyber threats, though the specific attack was thwarted. [AI generated]

Why's our monitor labelling this an incident or hazard?

The article explicitly mentions AI systems being used to develop zero-day exploit code and conduct cyberattacks, which are harmful acts targeting software vulnerabilities and potentially critical infrastructure. The AI involvement is direct in the development and attempted use of attack code, which is a clear case of AI use leading to harm or attempted harm. Although the attack was not successful, the direct link between AI use and the creation of harmful exploit code qualifies this as an AI Incident rather than a hazard. The harms involved include cybersecurity breaches and potential disruption or damage to property and communities. Therefore, the event meets the criteria for an AI Incident. [AI generated]
AI principles
Safety; Robustness & digital security

Industries
Digital security

Severity
AI incident

AI system task:
Content generation


Articles about this incident or hazard


Google: "First detection of a large-scale zero-day attack attempt using AI"

2026-05-12
A playground for people who change the world with technology
Why's our monitor labelling this an incident or hazard?
The article explicitly mentions AI systems being used to develop zero-day exploit code and conduct cyberattacks, which are harmful acts targeting software vulnerabilities and potentially critical infrastructure. The AI involvement is direct in the development and attempted use of attack code, which is a clear case of AI use leading to harm or attempted harm. Although the attack was not successful, the direct link between AI use and the creation of harmful exploit code qualifies this as an AI Incident rather than a hazard. The harms involved include cybersecurity breaches and potential disruption or damage to property and communities. Therefore, the event meets the criteria for an AI Incident.

AI Threat Tracker report... "First detection of an AI-based zero-day attack"

2026-05-12
아시아경제
Why's our monitor labelling this an incident or hazard?
The article explicitly mentions AI systems being used by threat actors to develop zero-day attack code and conduct autonomous vulnerability exploration, which directly leads to cyberattacks and associated harms. The AI involvement is in the use of AI to develop and execute malicious hacking tools, which is a direct cause of harm to property, organizations, and potentially critical infrastructure. Therefore, this event meets the criteria for an AI Incident as the AI system's use has directly led to realized harm through cyberattacks.

Google discovers first 'zero-day' vulnerability generated using AI

2026-05-12
kbench.com
Why's our monitor labelling this an incident or hazard?
The article explicitly states that AI, particularly large language models, was used to generate attack code that bypassed two-factor authentication in a web management tool, representing a direct use of AI in malicious activity. The AI system's role in automating and enhancing cyberattacks that exploit zero-day vulnerabilities directly leads to harm in terms of cybersecurity breaches, which can disrupt systems and compromise data. The mention of specific hacking groups using AI tools further supports the direct involvement of AI in causing harm. Hence, this is an AI Incident rather than a hazard or complementary information.

"AI finds new vulnerabilities and attempts hacking"... Google detects 'first attack code' made by artificial intelligence

2026-05-12
와이드경제
Why's our monitor labelling this an incident or hazard?
The article explicitly mentions AI systems autonomously generating zero-day attack code and being used by state-backed hacking groups to conduct cyberattacks, espionage, and psychological operations. These activities have directly led to harm, including security breaches, development of malware, and disinformation campaigns, which fall under violations of rights and harm to communities. The AI's role is pivotal in enabling these attacks and increasing their scale and sophistication. Hence, this event meets the criteria for an AI Incident rather than a hazard or complementary information.

AI finds vulnerabilities on its own and hacks... the era of 'cyber weapons'

2026-05-12
서울신문
Why's our monitor labelling this an incident or hazard?
The article explicitly describes AI systems autonomously finding zero-day vulnerabilities and generating attack code used in real cyberattacks by state-backed groups (North Korea's APT45, China-linked actors, Russia). This use of AI has directly led to harm in the form of cyberattacks, which disrupt digital infrastructure and threaten information security, fitting harm categories (b) and (d). The involvement of AI in both offensive and defensive cyber operations is clear, with AI systems playing a pivotal role in causing and mitigating harm. Hence, this is an AI Incident rather than a hazard or complementary information.

Google: "First detection of zero-day hacking code made with AI"

2026-05-12
포인트데일리
Why's our monitor labelling this an incident or hazard?
The article explicitly describes AI systems being used by malicious actors to develop and deploy zero-day exploit code and AI-enhanced cyberattacks, including deepfake media for information operations. These activities have already led to or pose direct harm to cybersecurity, information integrity, and potentially national security, which are harms to communities and critical infrastructure. The AI involvement is clear and central to the incident, and the harms are realized or ongoing. Hence, this qualifies as an AI Incident rather than a hazard or complementary information.