Google says it has identified what may be the first real-world zero-day exploit developed with the help of artificial intelligence, marking a potentially important shift in how cyberattacks are being created.
In a report published by Google’s Threat Intelligence Group (GTIG) on May 11, the company said attackers used AI assistance to discover and exploit a previously unknown vulnerability in a widely used open-source web administration tool. The flaw reportedly allowed attackers to bypass two-factor authentication after obtaining login credentials.
According to Google, the vulnerability was disclosed to the affected vendor and patched before it could be used in larger attacks.
What caught researchers’ attention was the exploit code itself. Google says the Python script showed several signs typically associated with AI-generated code, including overly instructional comments, structured textbook-style formatting, and even a hallucinated CVSS severity score that did not actually exist.
Interestingly, the vulnerability was not a traditional memory corruption bug or a simple coding mistake. Instead, it involved higher-level business logic and semantic analysis, an area where modern AI models have started showing stronger capabilities. In simple terms, the AI appears to have helped connect pieces of application behavior that could eventually be abused together.
Security researchers have been warning for a while that AI could lower the barrier for more advanced cyberattacks, especially by helping less experienced attackers automate parts of the process that previously required deeper technical expertise.
At the same time, companies like Google are also using AI defensively for things like automated bug discovery, threat analysis, and patch development. Still, this latest case is likely to add more urgency to conversations around AI-powered cybersecurity threats.
While the incident itself appears to have been contained before wider abuse, researchers see it as an early sign of how AI may increasingly become part of both sides of the cybersecurity landscape.
Don’t miss a thing! Join our Telegram community for instant updates and grab our free daily newsletter for the best tech stories!
For more daily updates, please visit our News Section.
(Source: Google)
Comments