Google Thwarts First AI-Developed Zero-Day Targeting 2FA Bypass

Google's threat intelligence team disclosed Monday that it had identified and helped neutralize what appears to be the first documented case of hackers employing artificial intelligence to craft a zero-day exploit for a large-scale intrusion. The effort targeted a popular open-source web administration tool and aimed to bypass its two-factor authentication system through a flaw rooted in hardcoded trust assumptions within the code.

Researchers at the Google Threat Intelligence Group concluded that the attackers relied on an AI model to locate the vulnerability and generate the accompanying Python script. Evidence included structured textbook formatting, educational documentation strings, and a fabricated CVSS severity score that aligned closely with patterns found in large language model training data. The company stated it does not believe its own Gemini model or Anthropic's Mythos were involved in the operation.

The planned campaign would have enabled mass exploitation across numerous systems if left unaddressed. Google worked directly with the unnamed vendor to issue a patch before the attackers could proceed, an action the firm believes disrupted the effort. John Hultquist, chief analyst at the group, described the incident as an early indicator that criminal actors are incorporating AI to accelerate discovery and weaponization of flaws rather than relying solely on manual techniques.

This development fits within a broader pattern where private technology firms invest substantial resources in identifying and closing security gaps. Market incentives encourage such vigilance, as compromised platforms quickly lose user trust and revenue. Google noted that while adversaries are experimenting with AI at various stages of attacks, the same technology is simultaneously strengthening defensive capabilities by scanning code and predicting potential weaknesses at scale.

The episode occurred in recent months, though Google declined to specify an exact date. It comes amid ongoing debates over how governments should approach oversight of advanced AI systems. The Trump administration has moved away from prior regulatory frameworks, yet discussions continue about the proper scope of federal involvement in evaluating powerful models before release. Hultquist emphasized that for every AI-linked zero-day identified, others likely remain undetected, underscoring the persistent challenge posed by adaptive threat actors.

Open-source platforms, which often power critical infrastructure, face particular exposure because their code is publicly available for inspection by both defenders and malicious parties. The exploit in question exploited a semantic logic error rather than a traditional coding mistake, highlighting how even well-intentioned design choices can create openings when assumptions about trust go unchallenged.

Private sector responses have so far outpaced formal policy measures in addressing these risks. Companies routinely share threat intelligence and coordinate patches without waiting for regulatory mandates, driven by the need to protect their ecosystems and reputations. This case demonstrates that such voluntary cooperation can contain threats before they spread widely.

As AI tools become more accessible, both legitimate users and criminals will continue to experiment with them. The advantage will likely accrue to those organizations that maintain rigorous internal security practices and rapid response mechanisms rather than those awaiting external directives. Google's report serves as a reminder that technological progress carries inherent trade-offs, with innovation on both sides of the security equation.