top of page
ALL POSTS
AI-Powered Zero-Day: Hackers' First Known 2FA Bypass Campaign Stopped by Google
Key Findings Google identified threat actors using an AI-generated zero-day exploit to bypass two-factor authentication on a web-based administration tool, marking the first confirmed use of AI in malicious vulnerability discovery in the wild The exploit was delivered as a Python script containing telltale signs of large language model generation, including excessive docstrings, fabricated CVSS scores, and textbook-style code formatting The vulnerability required valid user c
May 113 min read
Google Reshapes Bug Bounty Payouts: Android Rewards Surge While Chrome Bounties Decline in AI Era
Key Findings Google increased Android bug bounty rewards up to $1.5 million for zero-click Pixel exploits, while Chrome payouts dropped significantly across most categories The overhaul prioritizes high-impact vulnerabilities and those resistant to AI detection, shifting focus from quantity to quality Chrome base rewards for memory safety issues fell to $500 with multipliers, down from previous levels, with some rewards now 10 times smaller Google phased out bonuses for arbit
May 33 min read
bottom of page
