Google’s Threat Intelligence Group (GTIG) has identified and neutralized what it believes is the first zero-day exploit developed with artificial intelligence. The sophisticated attack targeted an open-source web-based system administration tool and aimed to bypass two-factor authentication on a massive scale.
Security researchers discovered telltale signs of AI involvement in the exploit code, including a “hallucinated” CVSS score — a numerical rating that didn’t correspond to any real vulnerability — and highly structured formatting consistent with LLM training data. The exploit exploited a high-level semantic logic flaw where the developer had hardcoded a trust assumption into the 2FA system.
While Google confirmed they do not believe Gemini was used, the incident marks a concerning milestone in AI-powered cybercrime. The report also details how threat actors are increasingly using “persona-driven jailbreaking” techniques to coax AI systems into finding security vulnerabilities. As AI grows more capable, the cybersecurity landscape faces a new era where both defenders and attackers wield powerful AI tools.
Reference: The Verge
💡 Recommended: Stay protected online with a robust cybersecurity suite. Browse top-rated antivirus and VPN solutions on Amazon UK to safeguard your digital life, or check out our Top Deals for the latest security offers.
