AI-built zero-day bypassed 2FA in open-source admin tool

Google’s Threat Intelligence Group reported cybercriminals used AI to create a zero-day that bypassed two-factor authentication in a popular open-source admin tool; the bug was patched before mass exploitation.

Google’s Threat Intelligence Group reported Monday that cybercriminals used an AI model to develop a zero-day exploit that bypassed two-factor authentication in a widely used open-source web administration tool. The vendor patched the vulnerability before a planned mass exploitation campaign.

The company described the case as the first known instance in the wild of an AI-assisted zero-day. The report did not name the tool or the attackers.

According to the report, the AI model analyzed how the software was intended to behave rather than searching for crashes or broken code. It identified a contradiction in hardcoded exceptions that allowed the software to skip the two-factor check without breaking encryption or producing an obvious failure.

The report added that the model’s contextual reasoning correlated enforcement logic with the contradictory exception to surface a dormant logic error that traditional scanners missed. “AI models act as expert-level force multipliers for vulnerability research and exploit development,” the report noted.
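The report describes the flaw only in outline, so the following is an added, constructed illustration of that bug class, not code from the unnamed tool or from Google's report. It models a two-factor enforcement layer whose later hardcoded exception (a maintenance marker, assumed here) is consulted before the admin rule it contradicts, so an otherwise valid session reaches an admin path without a second factor and without any error. Beside it is the hardened form: the admin rule is absolute, exemptions are a fixed allow-list of non-admin paths rather than request-controlled input, and a startup consistency check fails closed if an exemption ever overlaps the protected space. The path names and header name are assumptions for the example.

```python
"""Constructed example: a 2FA enforcement rule contradicted by a hardcoded
exception, and the fail-closed version that rules the contradiction out."""
from dataclasses import dataclass, field


@dataclass
class Request:
    user: str
    path: str
    headers: dict = field(default_factory=dict)
    otp_verified: bool = False  # second factor already completed?


# Assumed policy for the example: every /admin/* path requires 2FA.
ADMIN_PREFIX = "/admin/"

# --- Vulnerable version (constructed) ------------------------------------
# A later "maintenance" exception was bolted on and is evaluated before the
# admin rule. For an /admin/* request that carries the marker, the two rules
# contradict each other and the exception silently wins: no crash, no error.
MAINTENANCE_HEADER = "X-Maintenance-Task"  # assumed header name


def requires_2fa_vulnerable(req: Request) -> bool:
    if MAINTENANCE_HEADER in req.headers:  # hardcoded exception, request-controlled
        return False
    return req.path.startswith(ADMIN_PREFIX)


def authorize_vulnerable(req: Request) -> str:
    if requires_2fa_vulnerable(req) and not req.otp_verified:
        return "denied: 2fa required"
    return "allowed"


# --- Hardened version ----------------------------------------------------
# Exemptions are a fixed allow-list of non-admin paths; nothing the client
# sends can widen it, and the admin rule is checked first and unconditionally.
EXEMPT_PATHS = frozenset({"/healthz", "/login"})  # assumed exempt paths


def check_policy_consistency(exempt_paths=EXEMPT_PATHS) -> bool:
    """Run at startup: refuse to boot if any exemption reaches into /admin/.

    This is the kind of dormant contradiction the report says the model
    surfaced; catching it at deploy time is cheaper than at incident time.
    """
    conflicts = sorted(p for p in exempt_paths if p.startswith(ADMIN_PREFIX))
    if conflicts:
        raise ValueError(f"2FA exemptions contradict admin policy: {conflicts}")
    return True


def requires_2fa_hardened(req: Request) -> bool:
    if req.path.startswith(ADMIN_PREFIX):  # absolute rule, evaluated first
        return True
    return req.path not in EXEMPT_PATHS


def authorize_hardened(req: Request) -> str:
    if requires_2fa_hardened(req) and not req.otp_verified:
        return "denied: 2fa required"
    return "allowed"


if __name__ == "__main__":
    check_policy_consistency()
    unverified = Request("alice", "/admin/users", headers={MAINTENANCE_HEADER: "1"})
    print("vulnerable:", authorize_vulnerable(unverified))  # allowed (bypass)
    print("hardened:  ", authorize_hardened(unverified))    # denied: 2fa required
```

The design point is that the enforcement decision takes no input the client controls and that exceptions are validated against the enforcement rule before the service starts, so a contradictory exception is a boot failure rather than a silent bypass. Reviewing existing exception lists with the same question (can any of them intersect the protected space?) is the practical takeaway from the report's description.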

Google attributed the campaign to a criminal actor and noted state-linked groups are also using AI for related tasks. Actors linked to China and North Korea have applied AI to find software weaknesses, while groups tied to Russia have used AI to hide malware and build obfuscation networks.

Google noted it does not believe its Gemini model was used, but stated it has high confidence the attacker leveraged an AI model to support discovery and weaponization of the flaw.

The report warned that AI-driven workflows can lower the barrier to reverse-engineering applications and accelerate the creation of polymorphic malware and obfuscation tools.

Earlier this year, Google patched a prompt-injection flaw in an internal AI coding platform that could allow manipulated prompts to execute commands on a developer’s machine. Another AI developer restricted access to a research model after tests showed it could identify thousands of previously unknown software flaws.

A separate study of more than 90,000 cybercrime forum threads found most offenders use AI for spam and phishing rather than for complex exploit construction.

Google recommended that defenders update threat models to account for AI-augmented tactics and coordinate quickly with vendors. The affected tool and the identities of the attackers remain undisclosed.
