Google Says Hackers Used AI to Build Zero-Day Exploit

Google Says Hackers Used AI to Build Zero-Day Exploit

Briefly

"Google’s Threat Intelligence Group (GTIG) said it disrupted what it believes was the first known zero-day exploit developed with help from an AI model. The exploit targeted two-factor authentication in a popular open-source, web-based system administration tool, raising concerns that attackers could use AI to find and use flaws that standard security tools may miss."

"“Our analysis of exploits associated with this campaign identified a zero-day vulnerability implemented in a Python script that enables the user to bypass two-factor authentication (2FA) on a popular open-source, web-based system administration tool,” GTIG stated in a report shared with the publication."

"Google said the exploit was built into a Python script and could bypass two-factor authentication on an unnamed open-source system administration tool. The company did not identify the affected vendor, the tool, or the threat actors behind the planned campaigns."

"Google researchers discovered several indications that AI may have created the exploit, according to The Verge. The clues included a hallucinated CVSS score and “structured, textbook” formatting similar to code produced by large language models. Google did not believe Gemini was used."