Google's Threat Intelligence Group (GTIG) has confirmed the first known case of an AI-generated zero-day exploit, one that bypasses two-factor authentication by targeting a trust flaw in an open-source web administration tool. The discovery, published May 11, 2026, marks a significant escalation in the cybersecurity threat landscape.
The exploit, a Python script, circumvents 2FA by abusing a logic flaw in a widely used open-source web admin tool. GTIG identified markers of AI-generated code, including clean ANSI color classes and organized educational prompts, which are hallmarks of large language models, not human hackers. The threat actors used an AI system, not Google's Gemini, to both discover the vulnerability and engineer the exploit.
Google intervened before a planned mass exploitation campaign could launch, working with the vendor to patch the flaw. This development lowers the bar for sophisticated exploit creation, compressing years of reverse engineering expertise into hours.
For the crypto industry, the implications are stark. Two-factor authentication underpins security for exchanges, wallets, and DeFi platforms. Hardware keys, withdrawal whitelists, and multi-signature setups remain critical defenses. The attack surface expands as AI targets smart contracts, browser wallets, and APIs.