Google Thwarts First AI-Developed Zero-Day Targeting 2FA Bypass

Google's threat intelligence team announced on Monday that it had identified and helped block what it described as the first clear instance of hackers using artificial intelligence to discover and weaponize a previously unknown software vulnerability. The effort, which the company believes was intended for a large-scale campaign, targeted a popular open-source web-based administration tool and sought to bypass its two-factor authentication system.

Researchers at Google Threat Intelligence Group said the attackers relied on an AI model to locate a high-level semantic flaw in the platform's code, where developers had hardcoded a trust assumption that left the system exposed. Evidence of the model's involvement appeared in the exploit's Python script, including structured formatting typical of large language model training data, an invented CVSS severity score, and explanatory comments that resembled textbook examples. The company assessed with high confidence that the actors leveraged AI for both discovery and weaponization, though it ruled out its own Gemini models and Anthropic's Mythos.

The planned operation would have allowed mass exploitation across affected systems. Google worked with the unnamed vendor to issue a patch before the campaign could advance, an intervention it said likely prevented wider damage. The activity occurred within the past two months, though exact timing was not disclosed. The attackers remain unidentified, but the report noted growing interest among groups linked to China and North Korea in applying AI to offensive operations.

This case marks a shift from earlier uses of AI in cybercrime, which largely involved generating phishing content or scripting simple tasks. Security analysts have long warned that generative models could accelerate the identification of zero-day flaws, compressing what once required teams of skilled researchers into shorter timelines. John Hultquist, chief analyst at Google's threat intelligence group, characterized the episode as an early signal of broader change. "Threat actors are using AI to boost the speed, scale, and sophistication of their attacks," he said. He added that for every traced instance, others likely remain undetected.

The development arrives amid rapid advances in AI capabilities for both attack and defense. Models are increasingly integrated into security tools that scan code for weaknesses, yet the same systems can be repurposed by adversaries. Google noted that criminals have begun targeting the connectors and autonomous features that make AI systems functional, expanding the attack surface beyond traditional software.

Policy responses to these risks remain unsettled. The current administration has moved away from prior executive guardrails on advanced AI systems while sending mixed signals about the federal role in oversight. Industry and government discussions now center on whether voluntary commitments, export controls, or more structured evaluation requirements can keep pace with the technology's dual-use nature. Experts tracking the field say the episode illustrates why fragmented approaches may prove insufficient, as the tools for finding vulnerabilities become more accessible and the window for patching narrows.

Defenders retain advantages in scale and coordination, with companies such as Google able to monitor global telemetry and collaborate with vendors on rapid fixes. Still, the report underscores that AI-assisted attacks are no longer theoretical. As models improve at interpreting system states and generating context-specific commands, the balance between offensive and defensive applications will depend on sustained investment in detection, disclosure practices, and cross-border information sharing.