Google’s Threat Intelligence Group said it had for the first time caught hackers using AI to discover and exploit a so-called zero-day vulnerability, or a security flaw the software’s developer does not yet know exists and for which no fix is available.



If you want the insight of a real hacker who knows how to find a zero day and tried using AI to do it, watch this video: https://youtu.be/BLqRiL_GY3A
TL;DR: it’s possible, if you pre-chew it for the AI (it’s very bad at decompiling) and focus on a known type of vulnerability (so you’re already an expert, because you know what it looks like and can direct the AI to look for that pattern). You end up spending a large amount of money for an exploit on a piece of software whose maintainer doesn’t have a bug bounty, or pays so little that it doesn’t even cover the tokens used on the LLM.