Google Catches First AI-Built Zero-Day Exploit Before Mass Attack
A Historic First
Google's Threat Intelligence Group (GTIG) announced on May 11 that it detected and stopped the first confirmed zero-day exploit developed with AI assistance. A criminal group had planned a mass exploitation campaign targeting widely deployed open-source software—but Google intercepted the attack before it launched.
How the Exploit Worked
The weapon was a Python script targeting a logic flaw in the authentication flow of an unnamed but widely deployed open-source web administration tool. Developers had hard-coded a trust exception into the 2FA verification step, creating a bypass that attackers could exploit. The attack required valid user credentials—a privilege-escalation technique, not a cold-start login bypass.
GTIG says it has high confidence the exploit was AI-authored. Three tell-tale signs: textbook Pythonic structure typical of LLM training data, extensive educational docstrings, and a hallucinated CVSS score that does not correspond to any real CVE entry.
Threat Actors
Chinese state-linked operators and North Korea's APT45 have been observed using AI to automate vulnerability checks at scale. GTIG believes the criminal group behind this exploit was planning a mass exploitation event. Google worked with the vendor to patch the vulnerability before the campaign launched.
Why This Matters
Zero-day discovery and exploit development have historically required deep human expertise. With AI now autonomously performing this process, the cost and skill barrier for zero-day development has dropped significantly. Faster patching cycles, stricter AI model access controls for cybersecurity tasks, and updated vulnerability disclosure policies are now urgent priorities.
Source: CNBC
Related Articles
Google said it is pairing new funding with AI-powered security tooling to help open source maintainers respond faster as AI increases both vulnerability discovery and attack pressure. The announcement combines a collective $12.5 million pledge through Alpha-Omega with wider use of tools such as Big Sleep, CodeMender, and Sec-Gemini.
A public issue carrying hostile instructions became the evidence HN needed for a sharper debate about agent permissions.
On February 12, 2026, Google said it open-sourced patches to improve AI-powered vulnerability detection across OSS-Fuzz and Open Source Vulnerabilities. The announcement ties directly to Big Sleep findings, including OpenSSL CVE-2025-6965 and an earlier NVIDIA Triton issue tracked as CVE-2025-23319.