Episode 181: AI Zero Days (Google Threat Intelligence Report)

Google Threat Intelligence Group's latest report confirms AI zero days are here and scaling fast. In this episode of the Cyber Threat Perspective podcast, Brad and Spencer break down how adversaries are weaponizing AI across vulnerability discovery, exploit development, malware operations, and reconnaissance. The shift isn't just about AI replacing attackers: it's about making attack workflows faster, more scalable, and more repeatable. Plus, AI platforms themselves are becoming prime targets. Chapters: 00:03 Google Threat Intelligence report overview: AI attacks at scale 01:34 First confirmed AI-generated zero-day exploit in the wild 03:01 Intentional prompts and persona-based AI manipulation 04:59 Claude skills: 85,000 vulnerability cases weaponized 06:50 APT45 and automated vulnerability research at scale 08:27 AI-powered obfuscation and dynamic payload generation 12:30 Autonomous attack orchestration beyond content generation 15:45 PromptSpy: AI navigating Android UI for persistence 18:20 AI-enhanced OSINT and social engineering operations 22:15 Information operations: deepfakes and fabricated content 25:40 Attacking AI dependencies and supply chain targets 28:30 TeamPCP targeting AI environments for initial access 32:20 March 2026 supply chain attacks: Trivy, Checkmarx, LiteLLM 35:15 Mini Shai-Hulud worm and AI infrastructure targeting 37:34 Defensive considerations: inventory and zero trust principles 40:11 Why foundational security practices matter more than ever What you'll learn: Google confirmed the first zero-day exploit developed entirely with AI, identified by hallucinations and code patterns that revealed its artificial origin. APT45 is sending thousands of repetitive prompts to recursively analyze CVEs and validate exploits, turning vulnerability research into an industrial operation. Attackers are using Claude skills with 85,000 real-world vulnerability cases to teach AI systems how to find and exploit specific vulnerability types. AI platforms and dependencies are becoming attack targets themselves, with TeamPCP and others focusing on AI supply chains for initial access. The Mini Shai-Hulud worm represents a new class of threats specifically designed to target AI infrastructure and related dependencies. 🔔 Subscribe for new episodes every week on cybersecurity, threat intelligence, and AI security. 📖 More content: https://offsec.blog 🛡️ Work with us: https://securit360.com 📋 Google Threat Intelligence Report: https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access 🔒 Google's Secure AI Framework: https://blog.google/innovation-and-ai/technology/safety-security/introducing-googles-secure-ai-framework/ #CyberSecurity #AI #ThreatIntelligence #Google #VulnerabilityResearch #APT45 #AIAttacks #ZeroDay #SupplyChain #CyberThreatPerspective #MalwareAnalysis #OSINT #Deepfakes #AIDefense #InfoSec