Google Catches Hackers Using AI to Build a Zero-Day 2FA Bypass for a Mass-Exploitation Spree

Google on Monday disclosed what it is calling the first documented instance of cybercriminals using a large language model to build a working zero-day exploit. Researchers at the company's Threat Intelligence Group (GTIG) said an unnamed crew was caught preparing a mass-exploitation campaign against a widely deployed open-source, web-based system-administration tool, leaning on AI-generated Python code to slip past the platform's two-factor authentication.

The vulnerability itself was a semantic logic flaw — a hard-coded trust assumption the attackers could pivot through once they held valid credentials — rather than a memory-corruption bug of the kind security teams typically catalog. That distinction matters, GTIG argued, because logic flaws are precisely the class of weakness modern language models are unusually well-suited to surface from a high-level reading of source code. The exploit script itself bore the telltale fingerprints of LLM authorship: textbook Pythonic formatting, an over-eager set of educational docstrings and a hallucinated CVSS score that no human exploit author would have included.

Google said it identified the activity, coordinated disclosure with the affected vendor and pushed a patch before the planned spree could be launched. Crucially, the company added, neither its own Gemini models nor Anthropic's recently previewed Claude Mythos appeared to be the AI used to generate the exploit, leaving the precise model that powered the attack publicly unidentified. GTIG also took disruption measures against the threat actors themselves, a step Google has increasingly favored when the alternative is letting a half-built weapon stay in circulation.

The disclosure landed alongside a broader GTIG report describing how nation-state crews — among them North Korea's APT45 and several Chinese clusters tracked as APT27, UNC2814, UNC5673 and UNC5201 — are integrating AI into reconnaissance, malware obfuscation and exploit development. Russian operators are folding AI-generated decoy code into loaders such as CANFAIL and LONGSTREAM, and a separate Russian operation dubbed Overload has begun using AI-cloned voices to impersonate Western journalists. Taken together, GTIG argued, the past quarter marks the moment offensive AI shifted from speculative threat to observed tactic — and the defensive side will need to catch up faster than the disclosure cycle has historically allowed.