News · Google reports the first zero-day exploit it believes was built with AI
Google reports the first zero-day exploit it believes was built with AI
GTIG says it caught a threat actor before a wide-scale attack, and points to Big Sleep and CodeMender as its own AI-driven countermeasures.
The specific claim: an AI-developed zero-day, caught before deployment
The headline finding in the Google Threat Intelligence Group (GTIG) report is narrow and specific: Google says this is the first time it has identified a threat actor using a zero-day exploit that it believes was developed with AI. That belief qualifier matters — Google is not claiming certainty about how the exploit was authored, but rather attributing likely AI involvement based on its observations.
The second claim is about timing. Google says the threat actor planned to use the exploit in a wide-scale attack, and that its own proactive counter discovery may have prevented that from happening. Again, the language is hedged — 'may have prevented' — which is honest reporting rather than a victory lap. The practical takeaway is that Google says it found the exploit before it was used at scale, not after damage was done.
How Google says it constrains Gemini itself
The report ties the threat finding to concrete controls on Google's own model. For Gemini, Google lists three mitigation layers against model abuse: classifiers that screen activity, in-model protections built into the system, and the operational step of disabling malicious accounts.
That combination is worth naming precisely because it spans different points in the stack. Classifiers sit around the model, in-model protections are baked into the weights and behavior, and account disabling is an enforcement action on the platform layer. Google is describing defense at the input, the model, and the account level rather than relying on any single guardrail.
Big Sleep and CodeMender: the defensive side of the same capability
The report's argument is that the technique cutting both ways. Google points to Big Sleep, an AI agent it says detects software vulnerabilities, and CodeMender, which it says uses Gemini's reasoning capabilities to automatically fix them. In other words, the same reasoning that can help find or write an exploit is being pointed at finding and patching the underlying flaws.
Our efforts prove AI can also be a powerful tool for defenders.Montana Labs
That framing is the through-line: an offensive use appears in the wild, and Google's response is to describe an offense-detection agent (Big Sleep) paired with an automated-repair agent (CodeMender). The report presents discovery and remediation as a linked pipeline rather than two separate tools.
What this specific report signals for defenders reading it
For teams tracking AI security, the actionable content here is the confirmation of a pattern, not a set of published indicators — the detail lives in the full report on the Google Cloud Threat Intelligence blog. The blog post itself is a summary: it names a first observed instance of a likely AI-developed zero-day, and it names the specific defensive agents Google is deploying in response.
The concrete implication is that vulnerability discovery is becoming a race between AI systems on both sides, and Google is positioning automated detection-plus-repair as the defender's counterpart to AI-assisted exploit development. Whether Big Sleep and CodeMender keep pace is the open question this announcement raises but does not answer.
Find this story relevant to you?
Contact us to find a unique solution
Need an AI engineering partner that can actually build?
We help businesses integrate AI, build AI-powered products, automate high-value workflows, and modernize the software systems behind them.
Related reading
More analysis around product delivery, operational AI, and the systems work that makes deployment hold up in reality.