Google discovers weaponized zero-day exploits created with AI
Summary
Google's Threat Intelligence Group discovered the first confirmed AI-crafted zero-day exploit (a previously unknown security flaw) in the wild, which was a Python script that bypassed two-factor authentication (a security method requiring two forms of verification) on a web-based system administration tool. The exploit exploited a logic flaw that the AI model found by understanding the developers' intent rather than just finding basic coding mistakes. As AI models become more advanced at reasoning about complex code, such AI-generated exploits may become more common, and threat actors are also attempting to abuse AI systems like Google's Gemini to discover vulnerabilities in firmware (the low-level software in devices) and other systems.
Classification
Affected Vendors
Related Issues
Original source: https://www.csoonline.com/article/4169046/google-discovers-weaponized-zero-day-exploits-created-with-ai.html
First tracked: May 11, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 92%