Google's Threat Intelligence Group says it has identified, for the first time, a threat actor using a zero-day exploit it believes was developed with AI. The target was an unnamed but popular open-source, web-based system administration tool. The attack involved a 2FA bypass that required valid credentials — not a brute-force spray, but a targeted, logic-level flaw. Google says it disrupted the operation before it could become a mass exploitation event, and the vendor has since patched the issue.
Google says it does not believe Gemini was the AI involved, but it has high confidence that some AI model played a role in the discovery and exploit development process. That qualifier matters. This is not a claim that AI wrote a novel malware payload from scratch. It is a claim that AI helped a threat actor find a subtle authentication flaw in production software — the kind of high-level logic error that automated scanners routinely miss and that traditionally took skilled researchers meaningful time to locate and validate.
Why this is different from what came before
AI-assisted cyberattacks are not new in concept. For the past few years, the dominant story has been AI helping attackers write more convincing phishing emails, generate realistic lures, or translate malware into more obscure languages. Useful, but the ceiling was low. Phishing is a social engineering problem. The underlying attack still required someone to click.
A zero-day exploit developed with AI assistance is a different category. Finding an exploitable vulnerability in a real, widely deployed software system requires understanding code flow, application logic, authentication state, and where the edges of those systems fail to meet cleanly. That is meaningful technical work. If AI is now accelerating that process — helping researchers (or attackers) move from "this looks interesting" to "here is a working exploit" faster — the defensive calculus changes.
The specific attack here — a 2FA bypass requiring valid credentials — suggests the threat actor was not guessing. They understood the authentication model well enough to find where it could be bypassed. Whether AI assisted in reading the codebase, reasoning through authentication state transitions, or validating the bypass logic, the result is a targeted exploit against a logic flaw, not a brute-force attack. That is a higher-order capability than what most threat actors were deploying even eighteen months ago.
What the GTIG report signals about the broader shift
Google's report is careful not to overstate. It does not claim AI is autonomously hacking systems at scale. What it does say is that cybercriminals and state-linked groups are now using AI models across the vulnerability lifecycle: research, exploit validation, code obfuscation, and increasingly autonomous operations.
A few things follow from that:
- AI is becoming useful for finding high-level logic flaws that traditional scanners miss — the same class of vulnerability that has historically required deep expertise.
- The cost to reach a working exploit is going down for anyone with access to capable models and the motivation to try.
- The defensive side needs to move at the same speed: AI-assisted code review, dependency monitoring, exploit detection, and automated patching pipelines.
- Agentic tooling is becoming part of both sides of the security race. The same model capabilities that help a developer audit a codebase can help an attacker do the same.
The disruption and fast patch in this specific case are encouraging. The signal from the broader report is less comfortable: this is not the last time a credibly AI-assisted zero-day will appear in the wild. It is likely the first confirmed one.
The SunMarc takeaway
For builders and product teams, this is a prompt to take AI-assisted security tooling seriously on the defensive side — not as a future concern but as a present one. The gap between attacker access to capable models and defender use of the same tools for automated code review, dependency auditing, and vulnerability scanning is not fixed. It is a choice.
If AI can help a threat actor find a 2FA bypass in a popular open-source tool, the same class of AI can help a development team find it first. The asymmetry that makes this dangerous is not the technology — it is deployment. The defensive side generally moves slower. That is the problem worth solving.
Relevant links
- Google Threat Intelligence Group: AI Vulnerability Exploitation for Initial Access
- Reuters: Hackers pushing innovation in AI-enabled hacking operations, Google says
- Cybersecurity Dive: AI working on zero-day exploit, GTIG finds
- Engadget: Google announces its first-ever discovery of a zero-day exploit made with AI