Google says it has discovered and stopped what it believes is the first zero-day exploit developed with the help of AI.
According to a report from Google Threat Intelligence Group, well-known cybercrime threat actors were preparing to use the flaw in a large-scale attack that could have helped them bypass two-factor authentication on an unnamed open-source, web-based system administration tool.
Google’s researchers said they found signs inside the exploit’s Python script suggesting that AI may have been used to create it. Those clues included a “hallucinated” CVSS score and a clean, textbook-like structure that resembled content generated by large language model training patterns.
The exploit targeted a high-level logic flaw in the platform’s two-factor authentication system. Google said the issue came from a hardcoded trust assumption in the developer’s design, which attackers could have abused to get around security protections.
Google said this is the first time it has found evidence that AI played a role in developing this kind of exploit, though its researchers said they do not believe Gemini was used. The company was able to disrupt the planned attack before it could be widely used, but it warned that cybercriminals are increasingly turning to AI to find and exploit security weaknesses.





