North Korean, Chinese hackers using AI to find cybersecurity blind spots: Google

Synopsis

Google's threat intelligence report reveals that North Korea's APT45 and Chinese state-sponsored hackers are now using AI to automate the discovery of cybersecurity blind spots — a first-of-its-kind escalation. Google also blocked what it says is the first confirmed AI-assisted zero-day mass exploitation attempt, raising urgent questions about AI's role in the future of cyber warfare.

Key Takeaways

Google published a threat intelligence report on 12 May identifying North Korean and Chinese state-sponsored hackers as actively using AI for cybersecurity vulnerability research.
APT45, a North Korean hacking group, used AI to send thousands of recursive prompts to identify exploitable cybersecurity blind spots.
Google blocked what it describes as the first known AI-assisted zero-day mass exploitation attempt by a criminal hacking group.
Anthropic's new AI model Claude Mythos, designed to detect software vulnerabilities, has been restricted from public release due to dual-use concerns.
The development marks a significant escalation in nation-state cyber capabilities, lowering the barrier for large-scale attacks.

Google has revealed that state-sponsored hackers from North Korea and China are actively leveraging artificial intelligence (AI) to detect previously unknown cybersecurity vulnerabilities, marking a significant escalation in the sophistication of nation-state cyber threats. The findings, published in a report on Tuesday, 12 May, were released by Alphabet's threat intelligence group.

Key Findings from the Google Report

Google's threat intelligence group noted a "particular interest from several clusters of threat activity associated with the People's Republic of China (PRC) and the Democratic People's Republic of Korea (DPRK)" in using AI for vulnerability research. The report highlighted that these actors have already demonstrated sophisticated approaches to exploiting AI tools for cybersecurity reconnaissance.

Specifically, North Korea's hacking group APT45 was identified as having leveraged AI to send thousands of repetitive prompts that recursively analyse different cybersecurity blind spots for possible exploitation. This represents a qualitative leap from conventional hacking methods, which typically rely on human-led analysis of known vulnerability databases.

First Known AI-Assisted Zero-Day Discovery Blocked

In a notable development, Google said it used AI to detect hackers from a criminal group employing a "zero-day exploit" — a vulnerability unknown to the targeted organisation or developer — that was planned for use in a "mass exploitation" campaign. The attempt was blocked before it could be executed.

According to the report, this marks the first time Google has identified attackers using AI to find new vulnerabilities and exploit them on a mass scale. Zero-day exploits are particularly dangerous because organisations have no prior warning and therefore no time to patch systems before an attack occurs.

Context: Anthropic's Restricted AI Security Model

The report comes amid renewed global attention on AI-driven cybersecurity tools. Anthropic, a US-based AI startup, recently introduced Claude Mythos, its latest AI model specifically designed to detect software security vulnerabilities. Notably, Anthropic has chosen not to release the model publicly, restricting access to a select number of companies and institutions for defence security testing — a decision that reflects growing concern over dual-use risks of powerful AI security tools.

Broader Implications for Global Cybersecurity

The convergence of AI capabilities with state-sponsored hacking operations represents a new frontier in cyber warfare. Historically, nation-state actors such as those linked to North Korea and China have relied on large teams of skilled operatives to probe systems manually. AI-assisted reconnaissance dramatically reduces the time and manpower required to identify exploitable weaknesses, potentially enabling faster and more targeted attacks at scale.

This is not the first time APT45 has attracted international attention — the group has previously been linked to attacks on critical infrastructure, financial institutions, and defence contractors. The use of AI to automate vulnerability discovery, however, signals a new phase in the group's operational capabilities.

As AI tools become more accessible, cybersecurity experts warn that the barrier to conducting sophisticated attacks is lowering, raising the stakes for both governments and private sector organisations worldwide. Further disclosures from Google's threat intelligence team are expected as the research evolves.

Point of View

AI is now an offensive weapon in nation-state arsenals. The use of AI by APT45 to automate vulnerability discovery at scale is qualitatively different from previous North Korean cyber operations, which relied on skilled but finite human teams. What is underreported here is the implication for smaller organisations and critical infrastructure operators in India and the broader Indo-Pacific, who lack the AI-powered defences that Google deploys. The Anthropic angle is equally telling — even a leading AI safety company is grappling with whether to release a vulnerability-detection model, underscoring that the dual-use dilemma is no longer theoretical.
NationPress
12 May 2026

Frequently Asked Questions

What did Google's threat intelligence report reveal about North Korean hackers?
Google's report found that North Korea's hacking group APT45 has been using AI to send thousands of recursive prompts to identify cybersecurity blind spots for potential exploitation. This marks a significant escalation in the group's operational sophistication, representing the first confirmed instance of AI being used to discover and exploit new vulnerabilities at scale.
What is a zero-day exploit and why is it dangerous?
A zero-day exploit targets a software vulnerability that the affected organisation or developer is unaware of, leaving no time to patch or respond before an attack occurs. Google's report noted it blocked a criminal group's AI-assisted zero-day attempt that was planned for mass exploitation — the first such incident Google has publicly identified.
Which countries' hackers were identified in the Google report?
Google's threat intelligence group identified state-sponsored actors linked to both North Korea (DPRK) and China (PRC) as showing significant interest in using AI for vulnerability research and cybersecurity reconnaissance.
What is Anthropic's Claude Mythos and why is it restricted?
Claude Mythos is a new AI model developed by US startup Anthropic, specifically designed to detect software security vulnerabilities. Anthropic has chosen not to release it publicly, limiting access to select companies and institutions for defence security testing, citing concerns over potential misuse of such a powerful dual-use tool.
Why does AI-assisted hacking represent a new threat level?
AI dramatically reduces the time and manpower needed to identify exploitable vulnerabilities in systems, enabling faster and more targeted attacks at scale. Previously, nation-state hackers relied on large teams of skilled operatives for manual reconnaissance; AI automates this process, lowering the barrier for sophisticated cyber operations.