Google has identified the first confirmed case of a zero-day exploit developed with the assistance of artificial intelligence. The threat intelligence group at Google discovered the vulnerability targeting a popular open-source web-based system management tool. This marks a significant shift in cyber warfare as attackers begin leveraging large language models to create novel security flaws.
Malicious actors bypass two-factor authentication using novel attack code
The exploit allows malicious actors to bypass two-factor authentication on the targeted software. Google suspects that an unidentified large language model played a key role in crafting the attack code. Evidence of this AI involvement includes the presence of hallucinated CVSS scores within the script. The code also features rich educational docstrings and a structured Pythonic format typical of LLM training data.

Google confirmed that its own Gemini AI was not involved in the development of this specific exploit. The company did not disclose which specific large language model the threat actors used. John Hultquist, a senior analyst at the Google Threat Intelligence Group, stated that this incident is likely just the tip of the iceberg. He warned that other AI-developed zero-day vulnerabilities are likely to exist in the wild.
The threat actors behind the exploit are described as a prominent cybercrime group. Nation-state-linked groups from China and North Korea have shown strong interest in AI-based vulnerabilities. This development highlights the growing intersection of generative AI and sophisticated cyber threats. Security researchers are now monitoring for similar patterns in future attack vectors.



Discussion
0 comments
Log in to join the thread with a thoughtful take, question, or correction.