Jakarta, INTI - A recent report by the Google Threat Intelligence Group (GTIG), revealed that artificial intelligence (AI)-based cyberattacks are now entering a more mature and organized phase. AI is said to be no longer merely an experimental tool but has become a core part of industrial-scale hacking operations.
For the first time, Google has discovered indications of zero-day exploits believed to have been developed using AI and prepared for mass attacks before being detected early.
"GTIG has identified threat actors using zero-day exploits that we believe were developed with AI," Google stated.
According to the company, AI-based coding capabilities are now accelerating the development of polymorphic malware and attack infrastructure that are more difficult for traditional security systems to detect. AI technology allows attackers to quickly create obfuscation networks, automated decoy logic, and malware variations to evade cyber defenses.
In one of its findings, Google analyzed AI-based malware called PROMPTSPY, which is capable of autonomous attack orchestration. The malware can read the victim's system state and dynamically generate commands without direct human intervention.
"This approach allows threat actors to offload operational tasks to AI for large-scale, adaptive activities," GTIG wrote.
Other Cybercrimes Using AI
In addition to malware, AI is also increasingly used in digital information operations and propaganda. Generative AI models are being used to create artificial media, deepfakes, and build false digital consensus on a large scale.
Furthermore, threat actors are said to have begun building specialized infrastructure to gain anonymous access to premium AI models by leveraging professional middleware and automated registration systems. Google also warned of new threats to the AI supply chain.
Despite the increasing threat, Google believes AI can also be a cyberdefense tool. The company claims to have used AI agents like Big Sleep to detect software vulnerabilities and Gemini's reasoning capabilities through its CodeMender system to automatically patch security vulnerabilities.
Google also confirmed that no apps containing PROMPTSPY were found on Google Play and that Android users remain protected through Google Play Protect, which is active by default.
Conclusion
Google Threat Intelligence Group (GTIG) revealed that AI-based cyberattacks are now increasingly mature and organized. In addition to being used for cyberattacks, AI is also being used in digital propaganda, deepfakes, and information operations. Google also warned of threats to the AI supply chain that could open access to corporate networks for ransomware and digital extortion. However, Google said AI is also being used as a cyberdefense tool through systems such as Big Sleep and CodeMender to detect and fix automated security vulnerabilities.
Read more: NVIDIA to Invest Up to Rp36.4 Trillion in IREN’s AI Data Center Expansion