top of page

AI-Powered Zero-Day: Hackers' First Known 2FA Bypass Campaign Stopped by Google

  • May 11
  • 3 min read

Key Findings


  • Google identified threat actors using an AI-generated zero-day exploit to bypass two-factor authentication on a web-based administration tool, marking the first confirmed use of AI in malicious vulnerability discovery in the wild

  • The exploit was delivered as a Python script containing telltale signs of large language model generation, including excessive docstrings, fabricated CVSS scores, and textbook-style code formatting

  • The vulnerability required valid user credentials and stemmed from a hard-coded trust assumption that the AI excelled at identifying

  • Google worked with the vendor to patch the flaw before widespread exploitation, disrupting what appeared to be a coordinated mass exploitation campaign

  • Multiple threat actors from China and North Korea have been observed using AI models to accelerate vulnerability research, develop autonomous malware, and conduct supply chain attacks


Background


Google's Threat Intelligence Group discovered this activity while investigating a coordinated campaign by unknown cybercriminals. The group appeared to have collaborated to conduct what Google described as a large-scale vulnerability exploitation operation. While Google did not name the affected administration tool, the company worked directly with the vendor to ensure timely disclosure and remediation of the flaw before attackers could deploy it widely.


AI-Generated Exploit Characteristics


The Python script used in the attacks contained unmistakable signatures of AI generation. Researchers found an abundance of educational docstrings explaining code functionality, which is typical of language model training data but unusual in real-world malicious code. The script even included a hallucinated CVSS severity score that does not correspond to any real vulnerability database entry. The code followed a structured, textbook Pythonic format with detailed help menus and clean ANSI color classes, all patterns highly characteristic of large language models.


The vulnerability itself appears to exploit a semantic logic flaw based on a hard-coded trust assumption. This type of flaw is particularly well-suited to AI discovery because language models are trained to recognize patterns and assumptions that humans might overlook in code logic.


Accelerated Vulnerability Timeline


Security researchers warn that AI is fundamentally compressing the window between vulnerability discovery and exploitation. As one threat intelligence expert noted, defenders no longer have the luxury of extended disclosure timelines. Attack timelines have been compressing for years, and AI has accelerated this trend further. Attackers now move faster through discovery, weaponization, and deployment phases, leaving organizations with less reaction time.


Autonomous Malware Operations


Beyond exploit development, Google discovered autonomous malware systems leveraging AI for real-time decision making. PromptSpy, an Android backdoor, uses Gemini API integration to analyze phone screens and autonomously determine next steps without human intervention. The malware can navigate user interfaces, capture biometric data to replay authentication gestures, and prevent uninstallation through sophisticated overlay techniques. Its command-and-control infrastructure can be updated dynamically at runtime, allowing operators to rotate infrastructure without redeploying the malware itself.


Threat Actor Usage Patterns


State-sponsored groups are weaponizing AI for vulnerability research at scale. A China-nexus group designated UNC2814 prompted AI models by asking them to assume the role of network security experts to research embedded device vulnerabilities. North Korean threat actor APT45 sent thousands of repetitive prompts to recursively analyze known CVEs and validate proof-of-concept exploits. These approaches represent structured, methodical attempts to industrialize vulnerability discovery.


Supply Chain and Information Operations


Google researchers identified attacks against software supply chains where threat actors injected malicious code into popular development tools. Groups have stolen credentials and API keys to enable extortion and lateral movement. Additionally, AI voice cloning technology has been deployed in information operations to impersonate journalists and create deepfake content for disinformation campaigns.


Defensive Response


Google took immediate action to disable all infrastructure and accounts related to the malicious activity. No instances of PromptSpy were discovered on the Google Play Store. The company continues developing automated tools like Big Sleep and CodeMender to identify and remediate similar flaws proactively. However, researchers emphasize that the fundamental acceleration of attack timelines means defenders must adopt more aggressive vulnerability detection and patching strategies than previously required.


Sources


  • https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html

  • https://hackread.com/google-hackers-used-ai-develop-zero-day-exploit/

  • https://x.com/TheHackersNews/status/2053864329519448379

  • https://www.linkedin.com/posts/thehackernews_threat-actors-used-ai-to-create-the-first-activity-7459631346320035840-3YLE

  • https://www.infosecurity-magazine.com/news/hackers-using-ai-zero-day-first/

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page