{"data":{"id":"f1cbf045-217e-4ea4-ae32-eb6587e50112","title":"Google discovers weaponized zero-day exploits created with AI","summary":"Google's Threat Intelligence Group discovered the first confirmed AI-crafted zero-day exploit (a previously unknown security flaw) in the wild, which was a Python script that bypassed two-factor authentication (a security method requiring two forms of verification) on a web-based system administration tool. The exploit exploited a logic flaw that the AI model found by understanding the developers' intent rather than just finding basic coding mistakes. As AI models become more advanced at reasoning about complex code, such AI-generated exploits may become more common, and threat actors are also attempting to abuse AI systems like Google's Gemini to discover vulnerabilities in firmware (the low-level software in devices) and other systems.","solution":"N/A -- no mitigation discussed in source.","labels":["security","safety"],"sourceUrl":"https://www.csoonline.com/article/4169046/google-discovers-weaponized-zero-day-exploits-created-with-ai.html","publishedAt":"2026-05-11T13:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["jailbreak","prompt_injection","model_theft"],"issueType":"news","affectedPackages":null,"affectedVendors":["Google","Anthropic","OpenAI"],"affectedVendorsRaw":["Google Gemini","Anthropic Claude","OpenAI","Google Threat Intelligence Group (GTIG)"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-05-11T13:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","safety"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}