Today we’re releasing a report that details the latest observations from Google Threat Intelligence Group (GTIG). The findings include the first time we’ve identified an attacker, or threat actor, using a zero-day exploit that we believe was developed with AI. The threat actor planned to use the exploit in a wide-scale attack, but our proactive counter discovery may have prevented that from happening.

In addition to sharing our findings with the larger security and AI community, Google uses proactive measures to stay ahead of these threats, including enhancing product safeguards and protections.

For Gemini, we mitigate model abuse by through classifiers, in-model protections and by disabling malicious accounts. Furthermore, we leverage AI agents like Big Sleep, which detects software vulnerabilities, and use Gemini’s reasoning capabilities via the likes of CodeMender to automatically fix them. Our efforts prove AI can also be a powerful tool for defenders.

Read the full report on the Google Cloud Threat Intelligence blog.