Google’s Threat Intelligence Group says they’ve caught the first working zero-day exploit they believe was built with AI, and got to it before the criminal group could launch their planned mass-exploitation campaign.
The bug is a two-factor authentication bypass in a popular open-source web-based system administration tool. Google declined to name the tool, the vendor, or the criminal group. GTIG says the attacker likely used a frontier language model to help find the bug and write the exploit. Their high-confidence call rests on tells in the exploit code itself: educational docstrings, a hallucinated CVSS score, and the clean textbook style language models tend to produce. GTIG explicitly says they don’t believe Gemini was the model used.
Sources:
https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access
https://www.bleepingcomputer.com/news/security/google-hackers-used-ai-to-develop-zero-day-exploit-for-web-admin-tool/
https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html
More on cybersecurity, privacy, scams, and homelab on Hake Hardware. New shorts every weekday.