Read our new report on AI-powered threats and our latest defenses.

Source: Google Date: 2026-05-11 URL: https://blog.google/innovation-and-ai/infrastructure-and-cloud/google-cloud/google-threat-intelligence-group-report/

Summary

Google’s Threat Intelligence Group released a report documenting the first confirmed case of an attacker using a zero-day exploit believed to have been developed with AI assistance — a significant escalation from AI-assisted phishing and social engineering to AI-assisted vulnerability research on the offensive side. On the defensive side, Google describes its layered response: Gemini-based classifiers protecting the model surface, the Big Sleep tool for automated vulnerability discovery, and CodeMender for AI-driven remediation. The report frames AI as a dual-use force already in active deployment on both sides of the threat landscape.

Implications

• AI security threat landscape thread. The first confirmed AI-developed zero-day is a calibration event — the question was when, not if. It validates the “AI levels the asymmetry in attacker capability” thesis and will accelerate defensive AI investment across vendors.
• Gemini-as-security-platform thread. Google is positioning Gemini not just as a productivity model but as core security infrastructure: Big Sleep, CodeMender, and the classifier layer are all Gemini applications. This is a direct signal that AI labs’ internal models are the first line of defense against AI-generated attacks, closing the loop on who is responsible for the infrastructure they release.
• AI governance and compliance thread. A documented AI-assisted zero-day strengthens regulatory arguments for mandatory disclosure and provenance tracking of AI-generated code. Watch for downstream impact on CISA guidance and EU Cyber Resilience Act implementation timelines.