Google: Hackers Used AI to Develop Zero-Day Exploit for Web Admin Tool
Google Threat Intelligence Group reports the first observed AI-developed zero-day exploit in the wild, targeting an unnamed open-source web administration tool and bypassing 2FA.
Researchers at Google Threat Intelligence Group (GTIG) have identified what they believe is the first known instance of a zero-day exploit developed using artificial intelligence. The exploit targeted a popular open-source web-based system administration tool, whose name has not been disclosed, and was capable of bypassing two-factor authentication (2FA) protections. Although the attack was disrupted before mass exploitation could occur, the incident marks a significant escalation in the use of AI by threat actors.
Google's confidence that the exploit was AI-generated stems from the structure and content of the Python exploit code. The script contained an abundance of educational docstrings, including a hallucinated CVSS score, and followed a structured, textbook Pythonic format highly characteristic of LLM training data. The large language model used remains unclear, but Google has ruled out the involvement of its own Gemini model.
The vulnerability itself was a high-level semantic logic bug, a type of flaw that AI systems excel at identifying, as opposed to memory corruption or input sanitization issues typically uncovered through fuzzing or static analysis. This further supports the conclusion that an LLM was used in the discovery and weaponization process.
Google notified the software developer about the threat and took timely action to disrupt the attack. The company emphasized that this case represents a new frontier in cyber threats, where AI is not just assisting but actively driving the creation of novel exploits.
Beyond this specific incident, Google's report highlights a broader trend of state-sponsored groups adopting AI for offensive purposes. Chinese and North Korean hacking groups such as APT27, APT45, UNC2814, UNC5673, and UNC6201 have been observed using AI models for vulnerability discovery and exploit development. Russian-linked actors have also used AI-generated decoy code to obfuscate malware like CANFAIL and LONGSTREAM.
Google also detailed a Russian operation codenamed 'Overload,' where social engineering threat actors used AI voice cloning to impersonate real journalists in fake videos promoting anti-Ukraine narratives. Additionally, the PromptSpy Android backdoor, documented by ESET earlier this year, was highlighted for its integration with Gemini APIs, including an autonomous agent module that uses a hardcoded prompt to bypass LLM safety features and interact with devices.
The company warns that threat actors are now industrializing access to premium AI models using automated account creation, proxy relays, and account-pooling infrastructure. This development underscores the urgent need for defenders to adapt to an AI-driven threat landscape where zero-day exploits can be generated at machine speed.