Google's Threat Intelligence Group (GTIG) has identified the first known real-world zero-day exploit developed with the assistance of generative AI. The exploit was a 2FA bypass targeting a popular open-source web administration tool, built by criminal actors ahead of a planned mass exploitation campaign. The operation was disrupted before deployment after GTIG collaborated with the vendor on responsible disclosure.
The report, released Monday, details a significant shift in adversary behavior: state-backed groups from China and North Korea are now using AI for vulnerability research, automated exploit analysis, and scalable reconnaissance. Meanwhile, on the malware front, researchers highlighted PROMPTSPY, an Android backdoor that uses an autonomous agent to interact with Google's Gemini API, allowing it to capture biometric data, replay gestures, and even prevent its own uninstallation.
Google warns that attackers are building professionalized infrastructure to gain anonymized access to premium AI models, while also targeting the AI software supply chain to steal credentials for ransomware. In response, Google is deploying defensive AI tools like Big Sleep and CodeMender to identify and patch vulnerabilities.