Google Discovers Weaponized Zero-Day Exploits Created with AI

The emergence of AI‑generated zero‑day exploits marks a turning point in the cyber‑threat landscape. While threat actors have long used machine learning to automate scanning and vulnerability prioritization, large language models now possess the reasoning ability to uncover complex logic errors that traditional static analysis tools miss. By feeding codebases into LLMs and prompting them to act as security experts, attackers can surface hidden authentication flaws, as demonstrated by the recent 2FA bypass discovered by Google’s Threat Intelligence Group. This shift blurs the line between automated reconnaissance and fully autonomous exploit development, compelling security teams to adopt AI‑aware defenses.

In the specific case disclosed by GTIG, a Python script—complete with educational strings and a fabricated CVSS score—exploited a hard‑coded trust assumption in an open‑source web‑based administration platform. Google’s rapid vendor notification likely prevented a coordinated mass‑exploitation campaign, underscoring the importance of proactive threat intelligence sharing. The exploit’s code style, reminiscent of textbook LLM outputs, highlights how generative models can produce polished, functional payloads without extensive human refinement, raising concerns about the speed at which novel vulnerabilities could be weaponized.

The broader trend extends beyond this single exploit. Reports of Chinese and North Korean groups attempting to jailbreak Gemini, using agentic tools like OpenClaw, and priming AI models with thousands of vulnerability cases illustrate a systematic effort to embed AI throughout the attack lifecycle. Enterprises must therefore integrate AI‑driven threat hunting, enforce strict model usage policies, and invest in adversarial testing of their own LLMs. As frontier models become more capable, the security community’s ability to anticipate and neutralize AI‑crafted exploits will be a decisive factor in maintaining cyber resilience.