Cybersecurity researchers at Google say state-backed hacking groups linked to North Korea and China are showing growing interest in using artificial intelligence to uncover and potentially exploit previously unknown software vulnerabilities.
In a threat intelligence report released Tuesday, Google said it observed “significant interest” from multiple clusters of activity associated with both the People’s Republic of China (PRC) and the Democratic People’s Republic of Korea (DPRK) in applying AI tools to vulnerability discovery and offensive cybersecurity research. The company noted that these efforts appear increasingly structured and technically advanced, particularly in automating parts of the research process that were previously done manually.
According to the report, North Korean-linked hackers, including the group tracked as APT45, have experimented with AI-driven techniques that generate large volumes of repetitive prompts. These prompts are designed to recursively test and analyze potential weaknesses across software systems, effectively probing for exploitable blind spots at scale. Google said this approach reflects an emerging trend in which AI is used not just for assistance, but as an active component of vulnerability research workflows.
Google also said it recently used its own AI-based detection systems to identify and disrupt activity from a criminal hacking group preparing to use a zero-day exploit in a large-scale attack. Zero-day vulnerabilities refer to security flaws unknown to developers or vendors at the time of exploitation, leaving no immediate opportunity for defense or patching.
The company described the incident as the first time it has identified attackers using AI specifically to discover new vulnerabilities with the intent of mass exploitation. It warned that the combination of AI tools and state or criminal hacking groups could significantly accelerate the speed and scale of cyberattacks.
The findings come amid rising global concern over the role of artificial intelligence in cybersecurity, particularly as advanced models become more capable of assisting with code analysis and vulnerability detection. In a related development, Anthropic has introduced a new model, Claude Mythos, focused on identifying software security weaknesses. However, the model has not been publicly released and is instead restricted to selected partners for defensive security testing, reflecting growing caution in how powerful AI systems are deployed.
Experts say these developments highlight a shifting cyber threat landscape in which AI is increasingly becoming both a defensive tool and a potential offensive multiplier.