eFinder

AI helps hackers find flaws no scanner can catch, Google warns

Cybersecurity Threats, Artificial Intelligence Risks, State-Sponsored Hacking

What to know about Cybersecurity Threats

For the first time, hackers have used artificial intelligence to find and exploit a security flaw that no automated scanner would have caught – and Google says only its own active monitoring stopped a mass attack.

Claims checked 9
Techniques found 2
Topics 3

Coverage spectrum

Coverage gap: Low Left coverage
Left: 0%
Center: 100%
Right: 0%

3 sources compared across this story cluster. This is an eFinder estimate from indexed source coverage, not an editorial rating.

What happened

For the first time, hackers have used artificial intelligence to find and exploit a security flaw that no automated scanner would have caught – and Google says only its own active monitoring stopped a mass attack.

Why it matters

Artificial intelligence has made it easier to write emails, generate spreadsheets and plan holidays, as the widespread popularity of the various AI models can attest.

Common ground

It has also, according to a recent Google report, made it considerably easier to figure out previously unmapped or impossible-to-predict gaps in the software of our systems.

Perspective signals

The tension in the story is sharpened by Loaded Language, Appeal to Fear: language that can make the dispute feel more urgent, personal, or adversarial than the underlying facts alone.


Propaganda Techniques Detected

eFinder identified 2 propaganda techniques in this article. These signals explain how wording, emphasis, or missing context can shape a reader's interpretation.

Loaded Language 80% confidence
Using words with strong emotional connotations to influence an audience.
Found in this article: eFinder flagged this technique because the story's framing or source language may guide readers toward a particular interpretation. Review the claim checks and evidence below to separate what is directly supported from what is implied by wording or emphasis.
Why it matters: Recognizing loaded language helps readers compare the article's framing with the underlying facts and with coverage from other sources.
Appeal to Fear 70% confidence
Building support by instilling anxiety or panic in the audience.
Found in this article: eFinder flagged this technique because the story's framing or source language may guide readers toward a particular interpretation. Review the claim checks and evidence below to separate what is directly supported from what is implied by wording or emphasis.
Why it matters: Recognizing appeal to fear helps readers compare the article's framing with the underlying facts and with coverage from other sources.

Claims Checked

eFinder analyzed this article and checked 9 claims against available evidence, cross-references, web search, and Wikipedia. Here is what the fact-checking layer found.

Corroborated: 8
Insufficient Evidence: 1
Claim 1: “Threat actors associated with the People’s Republic of China (PRC) and the Democratic People's Republic of Korea (DPRK) have also demonstrated significant interest in capitalizing on AI for vulnerability discovery.”
CORROBORATED
Multiple sources discuss the use of AI for vulnerability discovery by state-sponsored actors, specifically mentioning North Korean groups (APT45) and general trends involving China and North Korea.
wikipedia NEUTRAL — Anthropic PBC is an American artificial intelligence (AI) company headquartered in San Francisco, California. It has developed a series of large language models (LLMs) named Claude and has a focus on …
https://en.wikipedia.org/wiki/Anthropic
wikipedia NEUTRAL — The economy of North Korea is a centrally planned economy, following Juche, where the role of market allocation schemes is limited, although increased to an extent. As of 2024, North Korea continues …
https://en.wikipedia.org/wiki/Economy_of_North_Korea
wikipedia NEUTRAL — China's stockpile of nuclear weapons is the world's third-largest, estimated at 620 nuclear warheads as of 2026. China was the fifth country to develop nuclear weapons, conducting its first test in 19…
https://en.wikipedia.org/wiki/Nuclear_weapons_of_China
+ 3 more evidence sources
Claim 2: “The target was a popular web-based system administration tool and the flaw allowed attackers to bypass two-factor authentication”
CORROBORATED
Web search results specifically identify the target as a web-based admin tool and the exploit as a 2FA bypass.
web search NEUTRAL — A zero-day exploit is a cyberattack that uses an unknown software vulnerability before the developer has a chance to fix it. Because the software vendor has ...
https://www.oligo.security/academy/zero-day-exploit-risks-fa…
web search NEUTRAL — May 11, 2026 · Google's Threat Intelligence Group has confirmed a first-of-its-kind finding: threat actors used generative AI to craft a working zero-day ...
https://www.linkedin.com/posts/jnitterauer_google-hackers-us…
web search NEUTRAL — Attackers create convincing fake login pages that proxy authentication requests to legitimate services. Victims enter their credentials and verification codes ...
https://www.oloid.com/blog/2fa-bypass
Claim 3: “Google's own AI tools flagged the zero-day before it could cause damage”
INSUFFICIENT EVIDENCE
While evidence confirms Google's Threat Intelligence Group caught the zero-day and patched it, there is no specific mention in the provided evidence that 'Google's own AI tools' were the mechanism that flagged it; the evidence mentions 'active monitoring' and 'intercepted' by the group.
Claim 4: “Chinese and North Korean state-sponsored hackers are using AI to hunt for vulnerabilities at an industrial scale, sending automated prompts to probe for weaknesses in everything from home routers to corporate networks.”
CORROBORATED
Evidence from SecurityWeek and other reports describes North Korean groups sending thousands of prompts to analyze CVEs and validate exploits, supporting the claim of industrial-scale AI-driven probing.
wikipedia NEUTRAL — The relationship between the People's Republic of China (PRC) and the United States (US) has been complex and at times tense since the establishment of the PRC on 1 October 1949 and subsequent retreat…
https://en.wikipedia.org/wiki/China–United_States_relations
wikipedia NEUTRAL — Japan–South Korea relations are the diplomatic relations between Japan and South Korea. As the Sea of Japan and the Korea Strait geographically separate the two nations, political interactions date ba…
https://en.wikipedia.org/wiki/Japan–South_Korea_relations
wikipedia NEUTRAL — State-sponsored Internet propaganda is Internet manipulation and propaganda that is sponsored by a state. States have used the Internet, particularly social media to influence elections, sow distrust …
https://en.wikipedia.org/wiki/State-sponsored_Internet_propa…
+ 3 more evidence sources
Claim 5: “Google observed one North Korean group "sending thousands of repetitive prompts that recursively analyze different CVEs and validate PoC exploits"”
CORROBORATED
SecurityWeek explicitly mentions that Google observed the North Korean group APT45 sending thousands of repetitive prompts to recursively analyze CVEs and validate PoC exploits.
wikipedia NEUTRAL — ISO 4217 is a standard published by the International Organization for Standardization (ISO) that defines alpha codes and numeric codes for the representation of currencies and provides information ab…
https://en.wikipedia.org/wiki/ISO_4217
wikipedia NEUTRAL — A cyberattack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer d…
https://en.wikipedia.org/wiki/List_of_cyberattacks
wikipedia NEUTRAL — Zoom Workplace (commonly known and stylized as zoom) is a proprietary videotelephony software program developed by Zoom Communications. The free plan allows up to 100 concurrent participants, with a 4…
https://en.wikipedia.org/wiki/Zoom_(software)
+ 3 more evidence sources
Claim 6: “Google's Threat Intelligence Group said it had for the first time caught hackers using AI to discover and exploit a so-called zero-day vulnerability”
CORROBORATED
Multiple independent sources (SecurityWeek, LinkedIn, and other web results) confirm that Google's Threat Intelligence Group reported the first instance of hackers using AI to exploit a zero-day vulnerability in May 2026.
wikipedia NEUTRAL — An AI boom is a period of rapid growth in the field of artificial intelligence (AI). The most recent boom happened in the early 2020s before seeing increased acceleration and media coverage. Examples …
https://en.wikipedia.org/wiki/AI_boom
wikipedia NEUTRAL — Generative artificial intelligence (GenAI) is a subfield of artificial intelligence (AI) that uses generative models to generate text, images, videos, audio, software code (vibe coding) or other forms…
https://en.wikipedia.org/wiki/Generative_AI
wikipedia NEUTRAL — Gemini (also known as Google Gemini and formerly known as Bard) is a generative artificial intelligence chatbot and virtual assistant developed by Google. It is powered by the family of large language…
https://en.wikipedia.org/wiki/Google_Gemini
+ 3 more evidence sources
Claim 7: “hackers have used artificial intelligence to find and exploit a security flaw that no automated scanner would have caught”
CORROBORATED
Multiple web search results confirm that hackers have used AI to find and exploit security flaws that traditional automated scanners would miss, specifically citing Google's findings.
web search NEUTRAL — For the first time, hackers have used artificial intelligence to find and exploit a security flaw that no automated scanner would have caught – and Google says only its own active monitoring stopped a…
https://www.euronews.com/next/2026/05/27/hackers-are-using-a…
web search NEUTRAL — Claude Security, launched in 2026 by Anthropic, formalizes this capability for defensive use but the same technology can be weaponized. Security teams need AI-aware defenses that detect prompt-based e…
https://sesamedisk.com/ai-cybersecurity-vulnerability-exploi…
web search NEUTRAL — Automated penetration testing uses software — increasingly AI agents — to discover, exploit, and verify security vulnerabilities in web applications and APIs without a human driving each step.
https://pentrova.ai/resources/what-is-automated-penetration-…
Claim 8: “Russian-linked groups, meanwhile, are using AI to develop malware that rewrites itself on the fly to evade detection”
CORROBORATED
Multiple sources confirm Russian-linked groups (such as APT28/FROZENLAKE and GREYVIBE) are using AI (including Gemini and Qwen2.5) to create self-rewriting malware to evade detection.
web search NEUTRAL — Hackers Using AI Tools like Gemini to Make Self-Writing Malware That Evades Detection, Says Google. PROMPTSTEAL, linked to Russia-backed APT28 (also known as FROZENLAKE), uses the Hugging Face API to q…
https://www.medianama.com/2025/11/223-hackers-ai-gemini-malw…
web search NEUTRAL — "GREYVIBE appears to use AI not only for isolated development tasks, but across multiple operational phases. This likely enables the group to compensate for capability gaps, accelerate development cyc…
https://www.theregister.com/research/2026/05/29/russia-linke…
web search NEUTRAL — How Was AI Malware First Detected in the Wild? Researchers from Google’s Threat Intelligence Group documented the first observed instances of malware using AI to change its source code while live on t…
https://moneyoval.com/article/google-uncovers-ai-malware-tha…
Claim 9: “attackers are now using AI to map corporate hierarchies and identify specific targets with access to sensitive data and generate "higher-fidelity phishing lures tailored to individuals with administrative privileges"”
CORROBORATED
Web search results from April 2026 confirm that AI agents are being used to map corporate hierarchies via LinkedIn and social media to create high-fidelity phishing lures for privileged users.
web search NEUTRAL — Apr 29, 2026 · AI agents can aggregate data from LinkedIn, news reports, and social media to map out a company's hierarchy and identify the most likely "human ...
https://www.huntress.com/generative-ai-guide/ai-cyberattacks
web search NEUTRAL — Apr 15, 2026 · Attackers map organizational hierarchies, identify who reports to whom, and track job changes that signal new relationships or access privileges ...
https://www.adaptivesecurity.com/blog/spear-phishing-in-2026…
web search NEUTRAL — Attackers often replicate corporate templates, embed known logos, and use stolen email signatures to enhance authenticity. Language is phrased to match the tone ...
https://www.paloaltonetworks.com/cyberpedia/what-is-phishing

Disclaimer: This analysis is generated by AI and should be used as a starting point for critical thinking, not as definitive truth. Claims are verified against publicly available sources. Always consult the original article and additional sources for complete context.