Google Warns of AI-Powered Exploit Development: Zero-Day Bypasses 2FA, Android Backdoor Abuses Gemini
Google's Threat Intelligence Group has documented threat actors using AI for exploit development and attack automation, including a zero-day that bypasses 2FA on a popular open-source admin tool and an Android backdoor that abuses Gemini.
Google's Threat Intelligence Group (GTIG) has published new research detailing how threat actors are leveraging artificial intelligence for exploit development and attack automation, marking a significant escalation in AI-enabled cyber operations.
GTIG identified a threat actor using a zero-day exploit that the company believes was developed with AI — possibly the first of its kind. The vulnerability is implemented in a Python script that enables the user to bypass two-factor authentication (2FA) on a popular open-source, web-based system administration tool. The exploit requires valid user credentials to work, but GTIG says the actor planned to use it on a massive scale. The bug was disclosed to the appropriate vendor to disrupt potential threat activity.
"Although we do not believe Gemini was used, based on the structure and content of these exploits, we have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability," the report reads. The script contains educational docstrings typical of LLM training data, such as educational docstrings and a hallucinated CVSS score.
Threat actors associated with China and North Korea have shown particular interest in using LLMs for vulnerability research. GTIG observed suspected Chinese actor UNC2814 prompting Gemini to act as a network security researcher auditing embedded devices like TP-Link firmware for pre-authentication remote code execution vulnerabilities. North Korean actor Silent Chollima (APT45) has been observed sending thousands of repetitive prompts to recursively analyze different CVEs and validate PoC exploits, facilitating more robust exploit capabilities.
One of the most striking use cases detailed in the report involves the Android backdoor PromptSpy, which abuses Gemini to maintain persistence and autonomously interpret user activity. First detailed by ESET, PromptSpy prompts Gemini to ensure the malicious app remains in the "recent apps" list. GTIG's analysis found the backdoor uses AI to navigate the Android UI and autonomously interpret real-time user activity for follow-on actions, such as capturing biometric data to replay authentication gestures and regain access to a compromised device.
Threat actors are also using agentic workflows to operationalize autonomous frameworks for multi-stage security tasks. A China-nexus actor deployed agentic tools like Hextrike and Strix in an attack against a Japanese technology firm and an East Asian cybersecurity platform, using them to maintain persistence and validate vulnerabilities. "This combination of autonomous reconnaissance and automated verification suggests a transition toward AI-driven frameworks that can scale discovery activities with minimal human oversight.
John Hultquist, chief analyst of Google Threat Intelligence Group, warns that defenders must evolve to keep pace. "If defenders do not incorporate AI into their defenses, they will eventually find themselves dealing with a deluge of alerts and incidents, and they will struggle to keep up with an adversary that can operate faster than their patch cycle and quickly move laterally across their networks," he says.