Google Detects First AI-Generated Zero-Day Exploit

For the first time, Google has identified a zero-day exploit believed to have been developed using artificial intelligence.

The company published a new report on Monday summarizing its observations on the use of AI in the cyber threat landscape, drawing on data collected recently by Gemini, Google Threat Intelligence Group (GTIG), and Mandiant.

One of the most notable findings is that a prominent cybercrime group leveraged AI to develop a zero-day exploit designed to bypass two-factor authentication (2FA) on an open source web-based system administration tool. The exploit was implemented in a Python script.

The hacker group and the targeted tool have not been named, but Google said it worked with the impacted vendor to prevent mass exploitation, which appeared to be the threat actor’s plan.

“Although we do not believe Gemini was used, based on the structure and content of these exploits, we have high confidence that the ...