Google Thwarts First AI-Developed Zero-Day Targeting 2FA Bypass

Google researchers disclosed Monday that a criminal hacking group attempted to deploy artificial intelligence in the creation of a previously unknown software vulnerability, marking the first documented case of such technology aiding a real-world cyber intrusion effort. The effort targeted an open-source web-based administration tool and aimed to bypass two-factor authentication in what Google described as a planned mass exploitation campaign.

The company's Threat Intelligence Group said it uncovered evidence that hackers relied on an AI model to help discover and weaponize the flaw, a high-level semantic logic issue in which developers had hardcoded a trust assumption into the platform's security system. Traces in the accompanying Python script, including structured formatting typical of large language model training data and a hallucinated CVSS severity score, pointed to machine assistance. Google stressed that neither its own Gemini models nor Anthropic's Mythos were involved.

The attempted attack surfaced within the past two months. Google worked with the unnamed vendor to issue a patch before the campaign could unfold at scale. Had it succeeded, attackers could have gained unauthorized access across numerous systems. Analysts noted the operation reflected a shift toward more autonomous attack methods, where AI interprets system states and generates commands on the fly.

The disclosure arrives as federal oversight of advanced AI systems remains unsettled. The Trump administration moved quickly after taking office to repeal earlier Democratic-era guardrails on the technology's development and release. Officials have since sent conflicting signals about whether government should play a stronger role in vetting powerful models before they reach the public. Some advisers argue against new rules, while others warn that rapid capability gains demand closer scrutiny.

Security experts have long cautioned that AI tools could accelerate the discovery of zero-day flaws, allowing criminal groups to move faster and with greater sophistication than before. Google's report underscores that concern, describing the incident as an early indicator of threats to come. Chief analyst John Hultquist characterized it as the tip of the iceberg, noting that threat actors are already experimenting with AI across multiple stages of cyberattacks.

The episode also highlights how AI itself is becoming both a weapon and a target. Google's researchers observed adversaries probing integrated components of AI systems, such as autonomous skills and third-party data connectors. At the same time, defenders are beginning to harness similar tools to identify risks more quickly.

While the specific actors behind this attempt remain unidentified, Google has previously documented interest from groups linked to China and North Korea in applying AI to vulnerability research. The company said it holds high confidence that an AI model supported the discovery and weaponization steps in this case, even as the exact model used is still unknown.

Broader implications extend beyond technical circles. An effective large-scale exploitation of this type could have exposed sensitive data or disrupted services relied upon by ordinary users and organizations. With AI development racing ahead under reduced regulatory constraints, questions persist about whether existing industry practices alone can keep pace with evolving threats. Google's findings provide concrete evidence that the risks once discussed in theory have now materialized in practice.