
Google Finds First AI-Developed Zero-Day that Bypasses 2FA — Self-Morphing Malware and Gemini-Powered Backdoors Signal a New Era of Cybercrime
Why It Matters
AI‑enhanced exploits automate vulnerability discovery and evasion, raising the bar for security teams and increasing the risk of widespread breaches. The emergence of self‑modifying malware and AI‑generated disinformation amplifies both technical and reputational threats across industries.
Key Takeaways
- AI-generated Python script bypasses 2FA in open‑source admin tool
- Self‑morphing malware alters code in real time to evade detection
- Gemini‑powered Android backdoor PROMPTSPY captures screenshots and simulates UI
- Bots generate corporate‑specific phishing emails using AI‑crafted content
- AI creates deep‑fakes and synthetic media for political influence campaigns
Pulse Analysis
The integration of large language models into malicious toolkits marks a turning point for cybercrime. By feeding source code into generative AI, attackers can pinpoint obscure logic errors that enable privilege escalation, as illustrated by the newly uncovered 2FA‑bypass script. This capability compresses weeks of manual reverse engineering into hours, expanding the pool of viable zero‑day exploits and forcing defenders to reconsider vulnerability management timelines.
Beyond discovery, AI now powers dynamic, self‑morphing malware that rewrites its own binaries on the fly. Such code can inject decoy functions, shuffle execution paths, and adapt to sandbox analysis, rendering signature‑based detection increasingly ineffective. The Gemini‑driven PROMPTSPY backdoor exemplifies this trend, leveraging cloud‑based AI to interpret UI elements, capture screenshots, and simulate user interactions, effectively turning compromised smartphones into autonomous agents that harvest credentials and evade removal.
The ripple effects extend to social engineering and geopolitical manipulation. Automated bots can harvest corporate org charts, news feeds, and LinkedIn data to craft hyper‑personalized phishing campaigns, dramatically boosting click‑through rates. Simultaneously, AI‑generated deep‑fakes—audio, video, and synthetic imagery—are being weaponized for political propaganda, blurring the line between authentic and fabricated content. Organizations must adopt AI‑augmented threat hunting, behavior‑based analytics, and robust verification protocols to counter this evolving threat landscape.