Google Detects First AI-Developed Zero-Day Exploit Used by Threat Actors

The May 2026 report from Google’s Threat Intelligence Group marks a definitive shift in the cybersecurity landscape. While previous assessments categorized AI-assisted cyberattacks as experimental, current data from Mandiant and Gemini telemetry reveals that generative AI is now a mature, industrialized component of offensive operations.

The most significant milestone is the discovery of the first publicly documented zero-day exploit built with AI assistance. A criminal group deployed Large Language Models (LLMs) to identify a high-level semantic logic flaw in a popular open-source system administration tool, whose name Google chose to withhold. By weaponizing the model to generate a Python-based exploit for a two-factor authentication bypass, the actors demonstrated that AI excels at spotting hard-coded trust assumptions that traditional automated tools might miss. While Google says the proactive counter-discovery may have prevented the mass exploitation, the event confirms that AI has drastically compressed the timeline between vulnerability discovery and weaponization ...