Google Detects First Known AI-Built Zero-Day Exploit, Used by Criminals to Plan Mass 2FA Bypass Attack

What Google found

According to Google's Threat Intelligence Group, several prominent cybercrime threat actors collaborated to identify a previously unknown bug in a Python script used by a popular open-source system.³⁷ The vulnerability, once found, could be exploited to bypass two-factor authentication — one of the most widely deployed security controls on the internet.⁷ The groups then used AI-assisted code to develop a working exploit for the flaw, transforming a bug discovery into a deployable weapon without the extended manual reverse-engineering work that such attacks have historically required.⁴

Google said it had "high confidence" that an AI model was used in the process of finding and exploiting the zero-day.³¹ The specific AI system used was not identified in the public disclosure. The company said the criminal group had planned to deploy the exploit in a mass exploitation event — a coordinated attack across many targets simultaneously — but that Google's proactive counter-discovery may have prevented it from being used.³ Google has since disclosed the vulnerability to the open-source vendor responsible for the affected software.⁴

Why this is a landmark moment

Security researchers have discussed AI-assisted zero-day discovery as a near-future risk for several years, but documented real-world cases have been rare.⁶⁸ The significance of this disclosure is not just that it happened, but that it happened in a criminal context, carried out not by nation-state actors with large research budgets but by cybercrime groups that found AI lowered the barrier to conducting what had previously required specialised expertise.¹⁴

John Hultquist, chief analyst at Google's Threat Intelligence Group, cautioned that the publicly documented case is likely not an isolated incident. "For every zero-day we can trace back to AI, there are probably many more out there," Hultquist said, noting that the group's visibility into the threat landscape is necessarily incomplete.⁶ The implication is that AI-assisted vulnerability research is already becoming part of the standard toolkit for criminal actors, not just well-resourced state programmes.²

State actor activity

Google's broader threat intelligence report noted that North Korean and Chinese state actors are also actively experimenting with AI across a range of offensive cyber operations, including vulnerability discovery, social engineering, and the generation of malicious code.²⁹ While the zero-day case involved criminal groups, the underlying dynamic — AI lowering the skill floor for sophisticated cyberattacks — applies equally to state-sponsored programmes and is expected to accelerate as AI models improve at code generation and reasoning.⁵⁶

What defenders should take from this

The Google disclosure adds urgency to conversations in the security community about how defenders should respond to AI-assisted attack development.⁸¹⁰ The traditional model of security — where the attacker needed deep specialist knowledge to find and exploit zero-days — is being eroded. AI compresses the time and expertise required to move from bug discovery to working exploit, which historically was measured in days or weeks of expert manual work.⁴⁷

Practical responses are being debated across the security industry. Defenders have access to many of the same AI tools as attackers, and AI-assisted vulnerability scanning and patch prioritisation are already commercially available.²⁹ However, the asymmetry that concerns researchers is that attackers only need to find one working exploit, while defenders need to close every vulnerability — a disparity that AI-accelerated attack development makes significantly more acute.⁶