Google intercepts AI-created zero-day exploit, signalling rising threat from cybercriminals leveraging artificial intelligence
In Short:
– Google researchers discovered a cybercrime group using AI to create a zero-day exploit that bypasses two-factor authentication.
– The incident highlights rising AI-assisted cyber threats from nation-linked groups, with more advanced attacks expected in future.
Google researchers have reported their discovery of what is believed to be the first instance of a cybercrime group using artificial intelligence (AI) to develop a zero-day exploit. The exploit, identified as a Python script aimed at circumventing two-factor authentication on a popular open-source web administration tool, was intercepted before a planned mass exploitation campaign.
AI exploit discovery
The Google Threat Intelligence Group (GTIG) made the discovery while monitoring a partnership among notable cybercriminals preparing for an extensive vulnerability exploitation campaign. The code exhibited clear indications of AI generation, including educational comments and a fictitious CVSS score absent from vulnerability databases.
According to John Hultquist, GTIG’s chief analyst, evidence suggests this incident is likely just the beginning of a larger trend. The identified flaw was a semantic logic error rather than a typical memory corruption vulnerability, highlighting the advanced capabilities of AI models in contextual reasoning.
GTIG noted that the vulnerability has since been addressed following collaboration with the vendor involved. The growing use of AI in offensive cyber operations presents an escalating threat from both state-sponsored and criminal entities.
Growing cyber threats
GTIG’s report also indicated an alarming rise in AI-assisted attacks, particularly from groups linked to countries like China and North Korea. Russian-linked actors have adopted malware utilizing AI-generated decoy code to avoid detection. Hultquist described the threat actors behind the zero-day as having a significant history of mass exploitation incidents.
GOOGLE DISCOVERS FIRST AI-DEVELOPED ZERO-DAY EXPLOIT IN THE WILD
Google’s Threat Intelligence Group said Monday it discovered the first known zero-day exploit it believes was developed using artificial intelligence, intercepting a threat actor planning what @Google called a… pic.twitter.com/O90xJohNhs
Google remains confident that the attackers did not employ its Gemini AI model or Anthropic’s Mythos model in this incident, but the specific AI system involved remains unidentified. The finding reaffirms warnings issued in GTIG’s previous reports about AI’s role in accelerating the vulnerability weaponisation process.
As AI capabilities develop, more sophisticated and impactful zero-day attacks are expected in the near future.