Google Threat Intelligence Group · 2026-05-11 · major
Google GTIG: First In-the-Wild Zero-Day Built With an AI — Cybercrime Crew Used an LLM to Weaponize a 2FA Bypass Intended for Mass Exploitation
Google's threat-intel team published the first documented case of an AI-developed zero-day exploit in the wild — a 2FA bypass for an open-source admin tool (vendor unnamed) that a cybercrime crew (also unnamed) planned to use for mass exploitation. Google disclosed it before the campaign launched.

Google's threat-intel team says it has 'high confidence' an LLM wrote a 2FA-bypass zero-day for a popular open-source admin tool — caught before deployment.
Key specs
| Spec | Value |
|---|---|
| Disclosed | May 11, 2026 |
| Exploit type | 2FA Bypass (auth required) |
| Status | Patched before mass exploitation |
What is it?
Google Threat Intelligence Group (GTIG) published a new edition of its AI Threat Tracker. The headline finding: GTIG identified what it calls the first observed instance of an AI-developed zero-day exploit used by a financially motivated threat actor. The target was a popular open-source web-based system administration platform (vendor unnamed). The exploit, a Python script bypassing two-factor authentication for accounts with valid credentials, was caught before the planned mass-exploitation campaign launched. Google disclosed the underlying vulnerability to the vendor.
How does it work?
GTIG attributed AI involvement based on telltale generative-model artifacts in the exploit code: abundant educational docstrings, a hallucinated CVSS score embedded in comments, ANSI color helper classes, and a clean textbook-style Python format consistent with LLM training data. The underlying bug was a hardcoded trust assumption contradicting the app's authentication enforcement — a semantic logic flaw rather than memory corruption, exactly the class of issue LLMs are now good at spotting. Google says it has 'high confidence' an AI was involved and explicitly stated that neither Gemini nor Anthropic's Mythos was the model used.
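The artifact list above suggests a cheap triage pass a threat-intel team can run over a suspect Python sample. The following is an added example, not GTIG's code or method: it counts the three indicators named in the report (docstring coverage, an ANSI color helper class, a CVSS score inside comments) on a constructed sample; the 0.8 docstring-coverage threshold and the sample itself are assumptions.

```python
import ast
import re

# Constructed sample carrying the stylistic markers GTIG cited (tutorial docstrings,
# a CVSS score in a comment, an ANSI color helper class). It is not the exploit.
SAMPLE = r'''
"""Educational module demonstrating a request helper, documented in tutorial style."""
# CVSS v3.1 Base Score: 9.8 (Critical)

class Colors:
    """ANSI color codes for terminal output."""
    RED = "\033[91m"
    GREEN = "\033[92m"
    RESET = "\033[0m"

def fetch(url):
    """Return the URL unchanged (placeholder body)."""
    return url
'''

# Constructed contrast: terse hand-written code with none of the markers.
PLAIN = "def f(x):\n    return x + 1\n"

CVSS_RE = re.compile(r"CVSS[^\n]*?score[^\n]*?(\d{1,2}(?:\.\d)?)", re.IGNORECASE)


def llm_artifact_score(source: str) -> dict:
    """Count LLM-style artifacts in Python source; a triage hint, not proof of authorship."""
    tree = ast.parse(source)
    scopes = [n for n in ast.walk(tree)
              if isinstance(n, (ast.Module, ast.ClassDef, ast.FunctionDef, ast.AsyncFunctionDef))]
    documented = sum(1 for n in scopes if ast.get_docstring(n))
    # A class whose body assigns string constants containing ESC '[' is an ANSI color helper.
    ansi_classes = [n.name for n in ast.walk(tree) if isinstance(n, ast.ClassDef) and any(
        isinstance(s, ast.Assign) and isinstance(s.value, ast.Constant)
        and isinstance(s.value.value, str) and "\x1b[" in s.value.value for s in n.body)]
    comments = "\n".join(ln for ln in source.splitlines() if ln.lstrip().startswith("#"))
    cvss_hits = CVSS_RE.findall(comments)  # presence is the signal; the value may be invented
    indicators = {
        "docstring_ratio": round(documented / len(scopes), 2) if scopes else 0.0,
        "ansi_helper_classes": ansi_classes,
        "cvss_in_comments": cvss_hits,
    }
    hits = sum([indicators["docstring_ratio"] >= 0.8, bool(ansi_classes), bool(cvss_hits)])
    return {"indicators": indicators, "artifact_hits": hits}
```

A high count is a reason to look closer, not an attribution on its own; human-written tutorial code will also trip it.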
Why does it matter?
Until this report, AI-assisted offense was demonstrated mostly in lab settings and capture-the-flag-style benchmarks. GTIG's claim — backed by code-level evidence and follow-on disclosure to a vendor — turns that into an operational data point. The same report also documents APT27 using Gemini to develop network-relay tooling, the PROMPTSPY Android backdoor that runs a Gemini API loop on-device, and ongoing supply-chain attacks against LiteLLM and Trivy. The pattern is consistent: AI is now part of the attacker tool stack, not a future threat.
Who is it for?
Defenders, CISO offices, threat-intel teams, security policy researchers