Google's Threat Intelligence Group has confirmed the first known case of criminal hackers using artificial intelligence to develop a working zero-day exploit.
The hackers used AI to craft a Python-based exploit for a two-factor authentication bypass in a popular open-source system administration tool. The flaw has since been patched.
Google says it has high confidence AI assisted in the discovery and weaponization, citing code traits like hallucinated severity scores and textbook formatting consistent with training data. The company confirmed its own Gemini model was not used.
John Hultquist, chief analyst at Google Threat Intelligence Group, warns, “For every zero-day we can trace back to AI, there are probably many more out there.”
The report also reveals state-backed groups in China, North Korea, and Russia are using AI across attack chains, from vulnerability analysis to code obfuscation and voice cloning for influence campaigns.