Google on Monday said it identified an unknown threat actor using a zero-day exploit that was likely developed with an artificial intelligence system, in what the company described as the first known in-the-wild use of AI for vulnerability discovery and exploit generation. The activity involved a Python script that bypassed two-factor authentication on a popular open-source web-based system administration tool.
KEY FACTS
- Exploit The flaw let attackers bypass 2FA after gaining valid user credentials.
- Assessment The script showed signs of LLM-generated code, including verbose docstrings and a structured Python format.
- Response Google worked with the vendor to disclose and fix the issue, and did not name the tool.
- Context Google also said PromptSpy malware and other campaigns have used AI for automation and abuse.
In a technical analysis shared with The Hacker News, Google Threat Intelligence Group said the exploit appeared to rely on a hard-coded trust assumption, a type of logic flaw that can be easier for language models to identify than conventional scanners. The company said it had high confidence that an AI model helped with both discovery and weaponization.
The report said the code contained educational docstrings, a hallucinated CVSS score and a clean Pythonic layout that resembled LLM output. Google said the flaw required valid credentials to work and that it coordinated with the impacted vendor to disrupt the activity before naming the software involved.
The disclosure also linked the episode to a wider pattern of AI-assisted abuse. Google said it has seen malware such as PromptSpy use Gemini-related features to inspect screens, guide user interface actions and block removal, while other threat actors have used AI tools for vulnerability research, malware development and account abuse.
Google said it has disabled assets tied to PromptSpy and noted that no apps containing the malware were found on the Play Store. It also cited cases involving suspected China-nexus, North Korea-linked and Russia-nexus activity, along with experiments in shadow API services that can route AI access through proxy infrastructure.
WHY IT MATTERS
The episode suggests AI tools are reducing the time needed to find and use software flaws, which may speed up both attacks and defensive response. It also shows that organizations running AI systems and public-facing tools may face a broader mix of automated abuse, credential-based exploitation and supply chain risk.