Google intercepts a zero-day exploit built with AI for the first time

Google has for the first time in history discovered and blocked a zero-day exploit created by cybercriminals using artificial intelligence. This event highlights a new level of cybersecurity threats: criminals now use AI to develop hacks faster and more effectively than ever before.

Targeted Attack on 2FA

Unknown criminal groups were preparing a large-scale attack on the two-factor authentication (2FA) system in an open-source web application for managing system infrastructure. This application is used by IT administrators worldwide to manage enterprise servers and networks. The exploit allowed attackers to completely bypass 2FA and gain access to protected administrator accounts. In the hands of criminals, such access meant the ability to steal companies' confidential data, install malware, or hold a corporate network for ransom.

Google Threat Intelligence detected the attempted attack at a critical moment, literally before its launch. Specialists were able to block the vulnerability, notify the application developers, and release a patch. This fact potentially saved thousands of corporate networks from hacks and data breaches.

How AI Accelerated Exploit Development

Before the advent of large language models, creating a zero-day exploit required months of manual work, deep knowledge of the target application's architecture, and constant testing. Now cybercriminals can use AI to significantly accelerate this process.

Modern language models are capable of:

• Automatically generating vulnerability code based on a simple description of the idea
• Analyzing large volumes of open-source code of target applications in minutes
• Testing various attack variants in parallel, without human involvement
• Optimizing code to avoid detection by security systems and antivirus software
• Reducing development from weeks or months to days or even hours

This is the first confirmed case where a zero-day exploit was created using AI tools. Google notes that such attacks will become increasingly common as AI models improve and the cost of access to them decreases.

Google's Response and Protection

The company immediately released a patch for the vulnerability and recommends administrators update their software to the latest version. Specialists also advise strengthening additional levels of authentication and not relying solely on 2FA as the only protection mechanism. The incident demonstrated that a single factor of authentication is no longer sufficient against advanced attacks that can be developed very quickly.

Companies need to implement multi-layered protection, including monitoring for anomalous employee activity, restricting access by IP addresses, using VPN for critical operations, and conducting regular security audits.

Why This Is Urgent

Previously, zero-days were a rare and expensive weapon, accessible only to state-sponsored hackers and specialized criminal groups. Developing such a hack required hiring experienced specialists and months of work. Now the situation has changed.

Any criminal group can afford a subscription to an AI service — they cost between $20 and $200 per month. This means that zero-day exploits are becoming a democratic tool in the hands of ordinary cybercriminals.

What This Means

Cyberattacks are evolving in real time along with artificial intelligence. Companies need to shift from reactive security to proactive — not wait for hacks, but anticipate attacks and prevent them. This requires investments in modern monitoring technologies, employee training, regular security testing, and continuous infrastructure updates.