Google stopped a zero-day hack that it says was developed with AI

· Source: The Verge · Field: Technology & Digital — Cybersecurity & Data Privacy, Artificial Intelligence & Machine Learning · Depth: Intermediate, quick

Summary

Google has identified and neutralized a zero-day exploit developed with AI, marking the first such incident detected by the company. The exploit, attributed to "prominent cyber crime threat actors," aimed to bypass two-factor authentication on an unnamed open-source web administration tool for a "mass exploitation event." Google Threat Intelligence Group (GTIG) researchers found indicators of AI involvement in the Python script, including a "hallucinated CVSS score" and "structured, textbook" formatting. The vulnerability exploited a high-level semantic logic flaw where a developer hardcoded a trust assumption in the 2FA system. This event follows recent discussions about cybersecurity-focused AI models and AI-assisted vulnerability discovery, though Google does not believe its Gemini AI was used in this specific attack.

Key takeaway

For security architects and incident response teams, this incident shows that AI-assisted zero-day exploit development has moved from research demonstrations into the hands of criminal actors. The defensive lesson is not "detect AI-written code": the indicators GTIG cited (a hallucinated CVSS score, textbook formatting) are attribution clues found after the fact, not controls. The flaw class itself is what matters, and it is exploitable whether a person or a model wrote the exploit. Audit authentication paths, two-factor checks in particular, for hardcoded trust assumptions: any request attribute (a header, a flag, a source-network check) that lets a caller skip the second factor is a candidate for mass exploitation in a widely deployed open-source tool.
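As an added illustration (not code from the article, and not the code of the unnamed tool it describes), the hypothetical login flow below shows what a hardcoded trust assumption in a 2FA path looks like beside a hardened version. The user record, the `X-Internal-Client` header and the function names are constructed for this example; the one-time-code routines follow RFC 4226 (HOTP) and RFC 6238 (TOTP).

```python
import hashlib
import hmac
import struct
import time

# Constructed sample user record (hypothetical; unrelated to any real product).
USER = {
    "name": "admin",
    "password_hash": hashlib.sha256(b"correct horse").hexdigest(),
    "totp_secret": b"0123456789abcdef0123",  # 20-byte raw TOTP secret, constructed
}


def check_password(user, password):
    digest = hashlib.sha256(password.encode()).hexdigest()
    return hmac.compare_digest(digest, user["password_hash"])


def hotp(secret, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % (10 ** digits):0{digits}d}"


def totp(secret, at=None, step=30):
    """RFC 6238 TOTP for the time step containing `at` (default: now)."""
    at = time.time() if at is None else at
    return hotp(secret, int(at) // step)


def verify_totp(secret, code, at=None, step=30, window=1):
    """Accept the current step and +-`window` neighbours, comparing in constant time."""
    at = time.time() if at is None else at
    counter = int(at) // step
    return any(
        hmac.compare_digest(hotp(secret, counter + d), code)
        for d in range(-window, window + 1)
    )


# --- Vulnerable form: a hardcoded trust assumption short-circuits the second factor ---
def login_vulnerable(user, password, code, headers, at=None):
    if not check_password(user, password):
        return False
    # The developer assumed only an internal reverse proxy ever sets this header,
    # so requests carrying it were treated as "already verified". Anyone who can
    # send a header can send this one, so the second factor is never checked.
    if headers.get("X-Internal-Client") == "true":
        return True
    return verify_totp(user["totp_secret"], code, at=at)


# --- Hardened form: the second factor is always verified against server-side state ---
def login_hardened(user, password, code, headers, at=None):
    if not check_password(user, password):
        return False
    # No request attribute stands in for the second factor. A "trusted device"
    # feature, if needed, must be a server-issued, server-validated token, never
    # a value the client asserts about itself.
    return verify_totp(user["totp_secret"], code, at=at)


if __name__ == "__main__":
    now = time.time()
    bypass = {"X-Internal-Client": "true"}
    print("vulnerable, bogus code + header:", login_vulnerable(USER, "correct horse", "00000", bypass, at=now))
    print("hardened,   bogus code + header:", login_hardened(USER, "correct horse", "00000", bypass, at=now))
    print("hardened,   real code:          ", login_hardened(USER, "correct horse", totp(USER["totp_secret"], at=now), {}, at=now))
```

When reviewing a 2FA implementation, grep for every early `return True` (or equivalent) between the password check and the second-factor check, and ask what the caller controls about the condition that reaches it.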

Key insights

Cybercriminals are now using AI to develop zero-day exploits, so defenders can no longer assume that finding and weaponizing a logic flaw in a widely deployed tool takes a skilled human team.

Method

Hackers employ "persona-driven jailbreaking" to prompt AI models for vulnerability discovery, then refine the AI-generated payloads in controlled environments, using tools like OpenClaw, before deployment.

Best for: CTO, VP of Engineering/Data, AI Architect, AI Security Engineer, Security Engineer, Director of AI/ML

Editorial summary, takeaway, and curation by AIssential. Original article published by The Verge.