Google flags AI-built zero-day exploit

- Google’s threat team said on May 11 it stopped a planned mass attack after spotting a zero-day exploit it believes criminals built with AI. (blog.google)
- The bug was a Python-based 2FA bypass in a popular open-source web administration tool, and Google says it had “high confidence” AI helped build it. (cloud.google.com)
- That matters because Google says this is its first real-world case of AI being used to discover and weaponize a zero-day. (blog.google)

Cybersecurity people have been warning about this exact moment for a while. Not AI writing spam emails. Not AI helping with phishing copy. A real zero-day — a previously unknown software flaw — found and turned into a working exploit by criminals with AI in the loop. Google says it has now seen that happen in the wild, and that it disrupted the campaign before the attackers could use it in a broad hacking spree. (blog.google)

### What did Google actually find?

Google Threat Intelligence Group said on May 11 that it identified a threat actor using a zero-day exploit it believes was developed with AI, in what it called the first case it has seen of AI supporting both discovery and weaponization of a previously unknown flaw. (cloud.google.com, blog.google) The campaign was headed toward a wide-scale or “mass exploitation” event, but Google says its proactive discovery and vendor notification helped stop that before launch.

### What kind of bug was this?

The exploit was implemented in Python and targeted a popular open-source, web-based system administration tool. The flaw would let an attacker bypass two-factor authentication, which is a big deal because 2FA is often the last simple barrier between a stolen password and full admin access. (blog.google) Google did not name the tool in its own public summary, but multiple follow-on reports describe it as a web admin platform used to manage systems remotely.

### Why is a 2FA bypass so serious?

Because it cuts around the thing defenders tell everyone to turn on. If an attacker can jump past 2FA, then the security model gets much weaker very fast — especially on admin software that can touch lots of machines. (blog.google) In plain English, this was not a bug for stealing one login. It looked more like a bug for scaling access across many targets if the campaign had gone live.

### How does Google know AI was involved?

Google says it has high confidence AI helped discover and weaponize the exploit. One clue that surfaced in reporting was code that appeared to carry AI-style artifacts, including a hallucinated CVSS score — basically, the kind of security-severity metadata a model might invent while stitching together exploit logic. (cloud.google.com) Google also said neither Gemini nor Anthropic’s Mythos was the model used here.

### Is this the first AI cybercrime story?

No — but it is a different category. Attackers already use AI for research, phishing, malware tweaks, and automation. The jump here is that Google says AI was used for the harder part: finding a new vulnerability and helping turn it into a usable zero-day exploit. (cloud.google.com) That moves AI from assistant to something closer to junior exploit developer.

### Was anyone actually hacked?

Google’s public line is that the planned operation was disrupted before the mass exploitation phase. That matters. This was not a postmortem after a giant breach. It was an interception. But the catch is that a foiled campaign still proves the workflow is real. Once one group can do it, other groups will copy the method — and probably improve it. (straitstimes.com)

### So what changes now?

Defenders lose time. That is the core problem. If AI shortens the path from “find weird bug” to “ship working exploit,” then vendors have less breathing room and security teams need faster patching, better exposure tracking, and stronger detection around admin tools. Google is making the obvious counterargument too — that AI can help defenders find and fix bugs first, through systems like Big Sleep and CodeMender. (blog.google) But basically, the race just sped up on both sides.

### Bottom line

The headline is not that AI can hack everything now. It can’t. The headline is narrower and more important: Google says criminals have crossed from using AI as a helper into using it to build a real zero-day exploit for a planned large-scale attack. (blog.google) That is the kind of milestone that changes security roadmaps.

Shared from Scout - Be the smartest in the room.