Google says hackers used AI to develop a zero-day 2FA bypass exploit in the first known real-world AI-assisted attack.
Cybersecurity researchers say a criminal hacking group has become the first known threat actor to use artificial intelligence to develop a real-world zero-day exploit designed for mass cyberattacks.
The disclosure, made by Google on May 11, 2026, involved a previously unknown vulnerability that allowed attackers to bypass two-factor authentication (2FA) protections in a widely used open-source web administration platform. Researchers from the Google Threat Intelligence Group said the exploit appeared to have been created with assistance from an AI system.
According to investigators, the flaw was embedded in a Python-based exploit script capable of bypassing authentication controls through a logic weakness in the targeted software. Google said evidence strongly suggested the exploit was not manually developed from scratch, but instead generated or significantly accelerated through AI-assisted techniques.
Researchers identified signs of AI involvement through characteristics in the code itself, including structured formatting patterns, automated vulnerability analysis behavior, and even fabricated technical details commonly associated with large language model hallucinations.
The campaign was reportedly linked to a coordinated cybercrime operation preparing for large-scale exploitation before the activity was disrupted. Google did not publicly identify the vulnerable platform or the group behind the attacks but confirmed the flaw has since been fixed.
Security analysts say the incident marks a major turning point in cybercrime operations, demonstrating that AI systems are now capable of assisting attackers in identifying unknown vulnerabilities and producing functional exploit code at operational speed.
Researchers also warned that AI is increasingly being used by criminal and state-linked actors to automate reconnaissance, phishing, malware development, and vulnerability research. While defenders are also adopting AI-powered tools, experts fear offensive capabilities may evolve faster than existing security defenses can adapt.
The discovery comes amid growing concerns over AI-assisted cyber operations and follows broader warnings from security researchers that advanced language models could significantly lower the barrier to conducting sophisticated attacks.
Related articles :
- Critical Nginx UI Flaw Enables Full Server Takeover
- AI-Assisted VoidLink Linux Malware Framework Unveiled
- South Korea Develops Crypto Tool to Track Drug Crime
Reports are sourced from official documents, law-enforcement updates, and credible investigations.
Discover additional reports, market trends, crime analysis and Harm Reduction articles on DarkDotWeb to stay informed about the latest dark web operations.
