We have entered an era in which artificial intelligence can develop zero-day vulnerabilities on its own — work that once took human hackers weeks or months.
A report released April 11, 2026, by Google’s Threat Intelligence Group (GTIG) confirms that stark reality with data and forensic evidence.
GTIG says it was the first to observe signs that AI discovered a zero-day exploit that bypassed web-based two-factor authentication (2FA) and even generated an executable attack script in Python.
The smoking gun was, paradoxically, an AI hallucination: analysts found fabricated vulnerability scores embedded in the script for flaws that did not exist, confirming the machine had manufactured the attack weapon.

This is more than a technical milestone. The fact that state-backed threat actors from North Korea, China and Russia have all aggressively adopted AI-driven hacking automation at the same time signals a structural rupture across the security landscape.
The most immediate and dangerous threat is North Korea. GTIG’s analysis shows the North Korea-linked group APT45 repeatedly fed thousands of prompts to AI systems to automatically validate attack code.
That appears to be a deliberate strategy to rapidly build vulnerability databases and massive repositories of attack code using AI.

North Korea’s cyber-driven foreign-currency operations already approach wartime scale. Blockchain analytics firms such as Chainalysis estimate North Korea-linked hackers have stolen 3.6–4.2 trillion KRW (about $2.7–$3.15 billion) in virtual assets since 2016. South Korean intelligence estimates, which include unreported losses and assets still being laundered, raise that figure to roughly 10 trillion KRW (about $7.5 billion).
The 342,000 Ether stolen in the 2019 Upbit breach has since grown to roughly 1 trillion KRW in value (about $750 million) at current prices, and in November 2025 the Lazarus Group struck another domestic exchange, inflicting damages in the several-hundred-billion KRW range (hundreds of millions of dollars).
UN Security Council expert panels have repeatedly warned that these cash flows feed North Korea’s nuclear and missile programs. With AI acting as an amplifier, North Korea’s attacks will be harder to predict, and the consequences — including theft of defense technologies and state secrets — go far beyond economic loss.

China and Russia: From autonomous AI reconnaissance to polymorphic malware
China and Russia have also entered the race to automate hacking with AI. Anthropic disclosed that in November 2025 a Chinese government-linked group manipulated the coding AI "Claude Code" to automatically reconnoiter and attack about 30 global targets, including IT firms, financial institutions and chemical manufacturers.
Another China-linked group reportedly assigned AI the role of a "virtual security expert" to autonomously probe vulnerabilities in industrial control systems (ICS) and operational technology (OT), carrying out autonomous reconnaissance attacks against Japanese tech companies.
Russia is using AI to automatically generate polymorphic malware that interacts with large language models during execution to evade detection. Mandiant’s "M‑Trends 2026" report says average time to detect a breach rose from 11 days in 2023 to 14 days in 2024 — a sign that AI-based attacks are evolving to deliberately delay discovery.

Microsoft’s analysis provides hard numbers on that refinement: AI-generated phishing emails had a 54% click-through rate — 4.5 times the 12% rate for typical phishing — demonstrating that human-level natural language ability structurally increases the success of social-engineering attacks.

Even security-focused AI has been breached — the ‘AI vs. AI’ dilemma
Defenders are also deploying AI aggressively, but those tools have become new attack targets. Anthropic limited a preview of its cybersecurity model "Claude Mythos" to trusted tech firms in early April 2026, yet that same month a third-party partner incident allowed unauthorized access by multiple parties. Security experts warn that if hackers obtain Mythos, they could discover and weaponize vulnerabilities faster than organizations can push out patches.
OpenAI’s security-tuned model "GPT-5.4-Cyber" and LLM-based detection modules from established firms like CrowdStrike and Palo Alto Networks are strengthening defenses, but regulatory gaps persist. The U.S. and EU have begun labeling cybersecurity-related models as "high-risk" in AI safety discussions, yet a practical global security and counterintelligence framework for AI-based attacks from North Korea, China and Russia is still lacking.
The three states’ full-scale, AI-led offensive in the unseen cyber domain has already begun. Confronted with a completely new threat architecture that passive defenses cannot stop, South Korea’s defense industry, financial sector, virtual-asset markets and critical infrastructure are all within range.