Google researchers have identified what they say is the first known case of hackers using AI-powered malware in a real-world cyberattack, according to findings published today.

Why it matters: The discovery suggests adversarial hackers are moving closer to operationalizing generative AI to supercharge their attacks.

Driving the news: Researchers in Google's Threat Intelligence Group have discovered two new malware strains — PromptFlux and PromptSteal — that use large language models to change their behavior mid-attack.

• Both malware strains can "dynamically generate malicious scripts, obfuscate their own code to evade detection and leverage AI models to create malicious functions on demand," according to the report.

Zoom in: Google's team found PromptFlux while scanning uploads to VirusTotal, a popular malware-scanning tool, for any code that called back to Gemini.

• The malware appears to be in active development: Researchers observed the author uploading updated versions to VirusTotal, likely to test how good it is at evading detection. It uses Gemini to rewrite its own source code, disguise activity and attempt to move laterally to other connected systems.
• Meanwhile, Russian military hackers have used PromptSteal, another AI-powered malware, in cyberattacks on Ukrainian entities, according to Google. The Ukrainian government first discovered the malware in July.
• Unlike conventional malware, PromptSteal lets hackers interact with it using prompts, much like querying an LLM. It's built around an open-source model hosted on Hugging Face and designed to move around a system and exfiltrate data as it goes.

Reality check: Both malware strains are pretty nascent, Google says. But they mark a major step toward the future that many security executives have feared.

Between the lines: PromptSteal's reliance on an open-source model is something Google's team is watching closely, Billy Leonard, tech lead at Google Threat Intelligence Group, told Axios.

• "What we're concerned about there is that with Gemini, we're able to add guardrails and safety features and security features to those to mitigate this activity," Leonard said. "But as (hackers) download these open-source models, are they able to turn down the guardrails?"

The big picture: The underground cyber crime market for AI tools has matured significantly in the past year, the report says.

• Researchers have seen advertisements for AI tools that could write convincing phishing emails, create deepfakes and identify software vulnerabilities.
• That makes it easier for even unskilled cyber criminals to launch attacks well beyond their own capabilities.

Yes, but: Most attackers don't need AI to do damage and are still overwhelmingly relying on common tactics like phishing emails and stolen credentials, incident responders have told Axios.

• "This isn't 'the sky is falling, end of the world,'" Leonard said. "They're adopting technologies and capabilities that we're also adopting."

Go deeper: AI is about to supercharge cyberattacks

Google is adding its Gemini chatbot to Maps, letting users get chatty with their navigation app across Android, iOS and their cars.

Why it matters: Nearly three years since ChatGPT's explosive launch, the tech giants are now banking on the idea that everyone wants a chatbot everywhere.

The big picture: Google announced new AI features coming to Maps on Android, iOS, Android Auto and eventually Apple's CarPlay.

• Adding a conversational navigation system, Google says, allows for hands-free interactions like pinpointing unmarked turns, reporting crashes or finding out what parking is like at different places.
• A year ago Google started adding AI to Google maps to help summarize reviews and answer questions about places, but the chatbot hasn't been embedded into the navigation system yet.

Between the lines: Gemini draws on real-time data from over 250 million mapped places.

• The AI additions are meant to solve the problem of confusing directions like, "In 500 yards turn left," when it's hard as a driver to know what 500 yards really is.
• Instead Gemini will use the regularly updated data from Google Street View to tell you a more distinct landmark where you should turn.

Reality check: Google has faced scrutiny over traffic havoc and even death for steering drivers onto unsafe paths.

• But Google says the new AI features don't use Gemini to generate a route or decide where you should turn.
• It will announce landmarks that you'd be able to see in street view, but it's designed for hands-free navigation while driving or walking, without looking at your phone.

The intrigue: Some of the new features lead people back into their phones instead of human interaction.

• In a demo with reporters yesterday, Google explained that if you're walking by a restaurant with a crowd lined up outside, you can ask Gemini in Maps what the place is, why it's so popular or "What's the vibe like here?"
• That's as opposed to asking the people themselves.

Stocks sold off yesterday as investors' jitters about an AI bubble grew stronger.

By the numbers: The tech-heavy Nasdaq sank 2%, leading all major indexes in the red.

• One of the hottest tech stocks of the last two years, Palantir Technologies, led the fall, closing down 7.9% despite an upbeat outlook this week.
• The issue? It wasn't enough for Wall Street analysts to justify its sky-high valuation, after the stock more than quadrupled over the last year.

Zoom out: Investors applied the risk-off sentiment to a host of other AI stocks that have all soared this year: Oracle fell 3.8%, Nvidia fell 3.9% and AMD slipped 3.7%.

What to watch: Whether the retail investors who've so eagerly bought dips in the market this year come rushing in again today.

• Amazon sent a letter demanding that Perplexity stop its AI browser from automatically purchasing goods on behalf of customers, while Perplexity decried Amazon's efforts as "bullying." (Bloomberg, CNBC)
• Exclusive: A newly introduced bipartisan bill would require large companies and federal agencies to report AI-related layoffs, hires, and retraining to the Labor Department. (Axios)
• Stability AI emerged largely victorious in a British court ruling in Getty's case alleging copyright and trademark infringement. (AP)
• OpenAI launched an Android version of its Sora video app. (TechCrunch)

For those who didn't get enough butterflies on Monday, I wanted to share this awesome TED talk I remembered hearing last year. And above is a photo taken by my colleague, Sebastian Mei, who went to see them in Mexico.