AI Brief%22%2F%3E%3Ccircle%20cx%3D%22760%22%20cy%3D%22180%22%20r%3D%22260%22%20fill%3D%22%23ff6b6b%22%20opacity%3D%22.24%22%2F%3E%3Ccircle%20cx%3D%22110%22%20cy%3D%221040%22%20r%3D%22310%22%20fill%3D%22%23ff6b6b%22%20opacity%3D%22.16%22%2F%3E%3C%2Fsvg%3E)
Google identifies first real-world AI-assisted zero-day campaign
Google Threat Intelligence says criminals used an AI model to discover and weaponize a two-factor-authentication bypass for a planned mass-exploitation campaign that was stopped before launch.
Read more
Google Threat Intelligence Group says it identified what it believes is the first real-world case of criminals using AI to both discover and weaponize a zero-day vulnerability for a planned mass-exploitation campaign. The flaw was a two-factor-authentication bypass in a widely used open-source web administration platform. Google worked with the unnamed vendor to patch it before the operation gained traction. The exploit contained telltale model-generated traits, including educational-style docstrings, a hallucinated CVSS score, and unusually polished textbook structure. Google says neither Gemini nor Anthropic's Mythos was involved. The case matters because it moves AI-assisted vulnerability discovery from forecasts and controlled demonstrations into an attributed criminal operation, while also showing that current AI-generated exploits can still contain mistakes that defenders can exploit.
Key details: May 11, 2026, Google Threat Intelligence Group, AI-assisted zero-day discovery and weaponization, 2FA bypass, Planned mass exploitation, Patched before launch.
Continue swiping for more AI Brief stories.