Google says it has disrupted what may be the first documented cyberattack using an AI-generated zero-day exploit — a major milestone in cybersecurity. The exploit reportedly targeted a flaw that could bypass two-factor authentication (2FA) in a popular open-source web administration tool.
Here’s what happened:
- Google’s Threat Intelligence Group (GTIG) detected threat actors preparing a “mass exploitation” campaign using a previously unknown vulnerability (a zero-day).
- Investigators found signs the exploit code was likely AI-assisted, including:
- textbook-style comments,
- AI-like formatting patterns,
- and even a hallucinated CVSS severity score — something LLMs are known to generate.
- The flaw allegedly enabled attackers to bypass 2FA protections.
- Google says it warned the affected vendor and blocked the attack before widespread exploitation occurred.
The bigger issue is what this signals for the future.
Security researchers have warned for years that generative AI could:
- discover vulnerabilities faster,
- automate exploit development,
- generate malware,
- and scale cyberattacks dramatically.
Google now says that transition is no longer theoretical. Their latest report describes AI becoming an “industrial-scale” force multiplier for attackers.
At the same time, Google says defenders are also using AI offensively against threats:
- AI systems like “Big Sleep” are being used to detect vulnerabilities,
- while tools like “CodeMender” aim to automatically patch software bugs.
This is increasingly turning cybersecurity into an AI-vs-AI arms race.