Google Report: AI Created First Zero-Day Exploit
Serge Bulaev
A Google report says that hackers tried to use artificial intelligence to find and attack a previously unknown software flaw. Google stopped the attack before it could be widely used and said this may be the first confirmed time AI played a main role in making a zero-day exploit. Experts suggest that AI can help attackers find and use software bugs much faster than before, making it harder for defenders to react in time. The report notes that other groups may also be using AI for similar purposes, but only one confirmed criminal case has been seen so far. There are still questions about how many AI-generated attacks might exist without being noticed.

Criminal hackers successfully used AI to create a zero-day exploit, a landmark event confirmed in a Google Threat Intelligence report. The incident, detailed on May 12, 2026, is described by researchers as the first confirmed case where AI was central to crafting a previously unknown software vulnerability. Google's intervention prevented widespread abuse.
The development signals a major tactical shift in cybersecurity. AI models can analyze vast codebases, understand program logic, and draft proof-of-concept attacks significantly faster than human teams. John Hultquist of Google's Threat Intelligence Group (GTIG) told Cybersecurity Dive that AI "can review the underlying logic, context, and flow of code at scale to discover vulnerabilities" and then help build working exploits. This drastically shortens the time between vulnerability discovery and exploitation, shrinking the response window for defenders.
Google Thwarts Criminal Use of AI to Discover and Exploit a Zero-Day Vulnerability
The vulnerability was found in a widely used open-source system administration tool. According to The Hacker News, the exploit was a two-factor authentication bypass written as a textbook-style Python script, complete with AI-generated docstrings and even a hallucinated CVSS score. Google stated the attackers were preparing a mass campaign once a reliable exploit was developed.
Google's response involved three coordinated actions:
- Proactive detection using its internal AI agent, Big Sleep, which hunts for latent vulnerabilities.
- Rapid notification to the vendor to develop a patch before the campaign launched.
- Disruption of the attacker's infrastructure, which prevented a large-scale compromise.
A Google report confirms criminal hackers used AI to create a zero-day exploit targeting a popular open-source tool. The exploit, a Python script bypassing two-factor authentication, was identified by its AI-like characteristics. Google intervened with the vendor before the attackers could launch a large-scale campaign.
Expert context: a compressed attack timeline
Analysts at the Center for Strategic and International Studies (CSIS) note that generative AI makes traditional exploitation faster and cheaper. They warn that the window between a vulnerability's public disclosure and its use in real-world attacks is shrinking, putting pressure on organizations to accelerate their patch cycles.
Ryan Dewhurst of watchTowr added that the entire process of discovery, weaponization, and exploitation is accelerating. This suggests the industry is now in a new phase where AI-augmented attackers can iterate and launch attacks with unprecedented speed.
Early evidence, unanswered questions
While Google confirmed the attackers did not use its Gemini model, the specific AI system remains unidentified. The company also highlighted that state-linked groups from China and North Korea are experimenting with AI for vulnerability research, indicating wider adoption among advanced persistent threats (APTs).
A key question remains: how many AI-generated zero-days are already active and undetected? The 33-page GTIG report mentions multiple state actors experimenting with agentic tooling, but this is the only publicly confirmed criminal campaign to date.
What exactly happened according to Google's report?
Google's Threat Intelligence Group (GTIG) went public with the first verified case of AI discovering and weaponizing a zero-day vulnerability. Criminal actors had built a Python script that bypassed two-factor authentication in a popular open-source web-admin tool. Google spotted the campaign before mass exploitation, quietly patched the flaw with the vendor, and then published its findings.
How did Google know AI wrote the exploit?
The code carried hallucinated metadata (a fake CVSS score) and textbook-style docstrings that mirror large-language-model training data. Analysts also noted an unusually clean, "Pythonic" structure and verbose help menus - both rare in underground malware but common in AI-generated examples.
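The three tells listed above (near-universal textbook docstrings, a CVSS score with no advisory to back it, and unusually verbose help text) can be turned into a rough triage heuristic for scripts recovered from an incident. The scorer below is an added example written for this article, not code from Google's report or from GTIG; the thresholds, the regular expressions and the two sample scripts it is run against are all constructed for illustration and are assumptions, not published detection rules.

```python
"""Heuristic scorer for the AI-authorship indicators the article describes.

Added example (not from the Google report). Three indicators are checked:
  1. share of functions/classes that carry a docstring
  2. a CVSS score mentioned without any CVE identifier (hallucinated metadata)
  3. total length of argparse ``help=`` strings (verbose help menus)
Thresholds are assumptions chosen for illustration; tune them on real samples.
"""
import ast
import re

# Assumed patterns: "CVSS v3.1 score: 9.8", "CVSS: 7.5", "CVSS 8.1" and similar.
CVSS_RE = re.compile(
    r"\bCVSS(?:\s*v?3(?:\.\d)?)?\s*(?:score)?\s*[:=]?\s*(\d{1,2}(?:\.\d)?)",
    re.IGNORECASE,
)
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")

# Assumed thresholds (not from the report).
DOCSTRING_RATIO_MIN = 0.8
HELP_CHARS_MIN = 120


def docstring_ratio(tree: ast.AST) -> float:
    """Fraction of function and class definitions that have a docstring."""
    defs = [n for n in ast.walk(tree)
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))]
    if not defs:
        return 0.0
    return sum(1 for d in defs if ast.get_docstring(d)) / len(defs)


def argparse_help_chars(tree: ast.AST) -> int:
    """Total characters in string literals passed as ``help=`` keyword arguments."""
    total = 0
    for node in ast.walk(tree):
        if isinstance(node, ast.Call):
            for kw in node.keywords:
                if kw.arg == "help" and isinstance(kw.value, ast.Constant) \
                        and isinstance(kw.value.value, str):
                    total += len(kw.value.value)
    return total


def score_source(src: str) -> dict:
    """Parse a Python source string and return the indicator values plus a 0-3 score."""
    tree = ast.parse(src)
    ratio = docstring_ratio(tree)
    cvss_without_cve = bool(CVSS_RE.search(src)) and not CVE_RE.search(src)
    help_chars = argparse_help_chars(tree)
    score = (int(ratio >= DOCSTRING_RATIO_MIN)
             + int(cvss_without_cve)
             + int(help_chars >= HELP_CHARS_MIN))
    return {"docstring_ratio": round(ratio, 2),
            "cvss_without_cve": cvss_without_cve,
            "help_chars": help_chars,
            "score": score}


# Constructed sample 1: a harmless file-hashing tool written in the "textbook" style.
TIDY_SAMPLE = '''\
"""Compute file digests.

Severity reference: CVSS v3.1 score: 9.8 (no advisory cited)
"""
import argparse
import hashlib


def parse_args():
    """Build and parse the command-line arguments for this tool."""
    parser = argparse.ArgumentParser(description="Print SHA-256 digests of files.")
    parser.add_argument("paths", nargs="+",
                        help="Path to one or more files whose SHA-256 digest should be printed; directories are walked recursively.")
    parser.add_argument("--json", action="store_true",
                        help="Emit the results as a JSON document instead of the default human-readable table.")
    return parser.parse_args()


def digest(path):
    """Return the hex SHA-256 digest of the file at ``path``."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def main():
    """Entry point: hash every path given on the command line."""
    for p in parse_args().paths:
        print(p, digest(p))
'''

# Constructed sample 2: the same tool in the terse style more typical of hand-written scripts.
TERSE_SAMPLE = '''\
import argparse, hashlib
def d(p):
    return hashlib.sha256(open(p, "rb").read()).hexdigest()
def main():
    a = argparse.ArgumentParser()
    a.add_argument("f", nargs="+", help="files")
    for p in a.parse_args().f:
        print(p, d(p))
'''

if __name__ == "__main__":
    for name, sample in (("tidy", TIDY_SAMPLE), ("terse", TERSE_SAMPLE)):
        print(name, score_source(sample))
```

The score is a triage aid, not a verdict: well-maintained open-source tools also score high on docstrings and help text, so the CVSS-without-CVE indicator is the one that most directly reflects the "hallucinated metadata" the analysts relied on, and a high score should only prioritize a sample for human review.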
Is this the first time AI has touched the zero-day life cycle?
It is the first confirmed instance where AI played the central role in finding and building a working zero-day. Earlier sightings were limited to:
- State groups (China's UNC2814, North Korea's APT45) using AI to speed up CVE analysis or write proof-of-concept snippets.
- Google's own Big Sleep agent spotting a different flaw in late 2024, but that was a defensive experiment, not an in-the-wild criminal event.
Why does the discovery-to-exploitation window matter?
Security teams have long counted on days or weeks between patch release and large-scale abuse. AI-assisted research collapses that buffer to hours:
- CSIS recorded a 40-minute jump from jail-breaking a safety model to live reconnaissance inside Mexican government networks.
- GTIG warns that "discovery, weaponization and exploitation are faster" because AI can scan code logic, craft exploits and iterate payloads in parallel.
What is Google doing next?
- Big Sleep keeps hunting flaws autonomously (Project Zero + DeepMind).
- CodeMender, a Gemini-powered agent, now drafts and tests fixes for high-risk code.
- Shared signals feed - indicators from this case are already pushed to VirusTotal and Google Cloud SCC so defenders can hunt for the 2FA-bypass script in their logs.
Until patches are applied, GTIG recommends:
- Disable external admin panels you cannot patch today.
- Enforce hardware FIDO2 tokens; the bypass relied on TOTP/SMS 2FA logic, not WebAuthn.
- Turn on automatic updates for any web-based management tool; the affected project issued a fix according to Google's report.