Google: AI-driven attacks have shifted from early experiments to industrial scale

Earlier we discussed how AI is being used for vulnerability discovery and exploit generation, malware development and social engineering. You've also likely seen reports of AI being used for reconnaissance, attack facilitation, and information operations involving deepfakes and generated content — areas that are referenced in the latest report by Google Threat Intelligence Group.

The report also includes lesser-known but illustrative examples showing how attackers are adopting increasingly sophisticated ways to leverage AI. Here are a few highlights:

♦ Researchers have for the first time identified a 0-day exploit used in a real attack, reportedly developed with AI assistance. The exploit code used to bypass 2FA in a popular web-based system administration tool contained redundant comments and structured data formatted in a manner typical for LLM training datasets.

♦ Ongoing experiments with AI-based malware obfuscation have been observed. Techniques include dynamic payload generation, just-in-time dynamic modification of source code, and the insertion of decoy code that mimics legitimate activity to hinder analysis.

♦ One of the most notable cases of AI‑enabled autonomous attacks is the Android backdoor PROMPTSPY, which uses AI components to facilitate automated interaction with the targeted device. The malware can simulate physical user actions and intercept PINs or unlock patterns to regain access to the device without user involvement.

At the same time, AI itself is increasingly becoming a target. Attackers actively target the AI ecosystem through supply chains: injecting malicious logic into popular libraries or configuration files to gain access to production environments that rely on AI technologies. One cited example involves exploitation of OpenClaw AI agents; we previously published a collection of related security issues.

AI is increasingly employed not only during reconnaissance and initial access but also across later stages of the attack chain. It can now potentially assist adversaries at every step — even partially automating decision‑making once handled by humans. In this role, AI makes attacks more adaptive, less human‑dependent, and potentially more resilient to traditional detection and defense methods.