NewsGuidesAnalysisExplainersAbout Us

Google detects hackers using AI-generated code to bypass 2FA with zero-day vulnerability

News
by Karthek
Wednesday, 13 May 2026 at 19:00
Google GTIG AI vulnerabilities
Artificial intelligence has matured from a tool for defenders to one of the most potent weapons in a cybercriminal's arsenal. In a report published by Google's Threat Intelligence Group (GTIG), the search giant has revealed how adversaries are now using AI to discover and exploit zero-day vulnerabilities, build evasion-capable malware, and even bypass two-factor authentication (2FA) protections.
In a chilling first, GTIG identified a threat actor using an AI-generated exploit to target a widely-used web administration tool; underscoring that AI now functions simultaneously as a sophisticated engine for adversary operations and as a high-value target for attacks.

What GTIG Discovered

The May 2026 report, which builds on its February findings, GTIG tracks a clear maturation in how threat actors operationalise generative AI, shifting from experimentation to industrial-scale deployment within offensive workflows. Key findings include:
  • First confirmed AI-generated zero-day exploit: Cybercriminal actors partnered to plan a mass exploitation campaign, built around a Python script discovered to contain a zero-day vulnerability that bypasses 2FA in a popular open-source web-based system administration tool. GTIG responsibly disclosed the flaw to the vendor before the attack could be launched.
  • State-sponsored AI reconnaissance: Threat clusters linked to China (PRC) and North Korea (DPRK) are actively using AI models to conduct sophisticated vulnerability research, with some groups sending thousands of automated, recursive prompts to analyse CVEs and validate proof-of-concept exploits.
  • AI-built malware infrastructure: Threat actors have used AI to develop obfuscation tools, polymorphic malware, and anonymisation relay networks and compressed the development cycle for evasive software.
  • Autonomous attack orchestration: The Android backdoor PROMPTSPY integrates Google's Gemini API to independently navigate device UIs, simulate physical gestures, and carry out commands without human input.

How hackers are bypassing 2FA with a zero-day

The 2FA bypass exploit represents a new frontier in AI-enabled cyberattacks. According to the GTIG report, the script bears multiple hallmarks of AI authorship: extensive educational docstrings, a hallucinated CVSS score, and a clean, structured Pythonic format typical of large language model (LLM) outputs.
Critically, the vulnerability itself was not the result of a common coding error like memory corruption. Instead, it stemmed from a semantic logic flaw, which is a hardcoded trust assumption made by the developer that contradicted the application's own 2FA enforcement logic. This is precisely the type of subtle, high-level flaw that frontier LLMs excel at detecting, since they can reason about developer intent rather than simply scanning for known crash patterns.

Read also

Google eyes ads in Gemini app, next step in its AI strategyGoogle eyes ads in Gemini app, next step in its AI strategy
Google supercharges Android with Gemini Intelligence: AI that runs your apps for youGoogle supercharges Android with Gemini Intelligence: AI that runs your apps for you

How to stay protected

GTIG and Google outlined several measures to defend against these evolving threats:
  • Patch proactively: The 2FA zero-day was responsibly disclosed and disrupted before exploitation. Organisations should prioritise patching web-based administration tools and keeping all software dependencies up to date.
  • Audit AI-integrated software: Treat LLM wrappers, API connectors, and open-source AI agent plugins as part of your attack surface. Verify the integrity of packages before integration.
  • Monitor for LLM abuse indicators: Watch for unusual API call volumes, account cycling patterns, and unauthorized access to AI service proxies within your network.
  • Enable Google Play Protect: For Android users, GTIG confirmed that Play Protect detects known versions of PROMPTSPY by default on devices with Google Play Services.
  • Follow the Secure AI Framework (SAIF): Google's SAIF taxonomy offers structured guidance for identifying risks like insecure integrated components and rogue AI actions within enterprise environments.
Google has also deployed its own AI-driven defenses in response, including the Big Sleep vulnerability-hunting agent and the CodeMender automated patching tool in a sign that the race between AI-powered offense and AI-powered defense is now fully underway.

byKarthek

GeminiGoogle
loading

Popular news

Professor Jiang’s Viral ‘AI Apocalypse’ Lecture Reveals a Growing Cultural Split Around AI

Professor Jiang’s Viral ‘AI Apocalypse’ Lecture Reveals a Growing Cultural Split Around AI

Google maakt Android slimmer met Gemini Intelligence AI gaat apps bedienen namens gebruikers

Google supercharges Android with Gemini Intelligence: AI that runs your apps for you

Google launches Googlebook | AIWorldToday.com

Google unveils Googlebook: AI-native laptops with Gemini and Android at the core

NHS Palantir Patient Data

NHS opens the vault: Palantir and contractors get blanket access to patient records

At What Point Does AI Music Stop Being Music

At What Point Does AI Music Stop Being Music?

Latest comments

    Loading