Google: AI hacking became an industrial-scale threat in three months

Google's threat analysis team released a shocking report: AI-powered hacking in just three months transformed from a niche threat of the future into a real, industrial-scale phenomenon. Criminal groups and state actors are already using commercial AI models to search for, develop, and scale cyberattacks.

From Theory to Practice in Three Months

The escalation speed is unprecedented. Late in 2025, discussions of AI in the context of hacking were mostly confined to academic circles, with only a handful of enthusiasts engaging in vulnerability research. Now it is a mass phenomenon. Google is not registering individual incidents, but a systemic trend: organizations worldwide are facing waves of attacks where vulnerability discovery, malware generation, and phishing are coordinated using AI. The report does not disclose specific numbers of breaches, but the hint at "industrial scale" speaks for itself. We are no longer talking about dozens of incidents, but hundreds or thousands. It will only get worse: AI availability is growing, prices are falling, and criminals are learning to optimize hacking tools.

Who Uses AI for Attacks

Google identifies several categories of threatening actors:

• Organized criminal groups — use AI for automated vulnerability searching, phishing campaign development, malware code generation
• State intelligence services — employ more sophisticated techniques, including targeted attacks on critical infrastructure
• Independent hackers and small groups — previously struggled to compete against professionals; now AI has leveled access to tools
• Ready-made DaaS platforms — services appearing on dark markets offering propositions like "AI-powered exploit code development on demand"

Google does not specify which AI models attackers use, but it is clear that commercial solutions (GPT, Claude, local models) are involved. There is no need for secret developments — standard LLMs are powerful enough.

Why AI Is So Effective for Hackers

AI's strength lies in how it sees code and systems differently than humans. Models are trained on millions of lines of code and documentation. Here's what results:

• Total vulnerability discovery — AI scans millions of lines and finds potential holes thousands of times faster than humans
• Working exploit code generation — what previously required hours of manual work by an experienced hacker is now written in minutes
• Personalized phishing — AI creates emails and messages that appear more natural and convincing
• Defense adaptation — when a company closes one vulnerability, AI retrains itself and finds alternative paths

Most dangerous: AI does not get tired, does not make mistakes from boredom, can keep millions of targets in its sights simultaneously. If an old-school hacker could check a dozen companies in a week, AI checks a million.

What This Means

This is a signal to escalate. Google is not simply reporting a new threat — this is a warning that security by the old rules is over. Protection from AI-powered attacks requires something completely different: continuous vulnerability hunting by red teams, AI-powered monitoring, architecture designed for the reality that breaches can happen at any moment. The coming months will be critical for companies that don't invest in security modernization.