

The digital landscape has officially crossed a threshold that cybersecurity experts have long feared. For years, the industry debated whether artificial intelligence was truly capable of discovering new, "zero-day" software vulnerabilities or if it was simply a high-tech assistant for basic tasks.
Google’s Threat Intelligence Group has now settled that debate. In a landmark report, the company confirmed that cybercriminals have successfully used an AI model to discover and weaponise a previously unknown flaw in a popular open-source web administration tool. This marks the first time Google has identified an AI-assisted zero-day development in the wild, signalling a new, more dangerous era of automated warfare.
A "zero-day" vulnerability is a software flaw that is unknown to the vendor. Because the developer doesn't know it exists, they have "zero days" to fix it before it can be exploited. Historically, finding these flaws required elite-level human expertise, weeks of manual code review, and deep technical intuition.
In this specific instance, the attackers used AI to identify a "logic flaw." Unlike traditional security scanners—which look for "broken" code or crashes—the AI model performed what Google calls "contextual reasoning." It essentially "read" the developer’s intent.
The AI was able to see that while the code looked functionally correct, it contained a hardcoded exception that contradicted its own security rules. By correlating the enforcement logic of Two-Factor Authentication (2FA) with these hidden exceptions, the AI found a way to bypass 2FA entirely. The hackers didn't have to break the encryption; they just used AI to find the "back door" the developer didn't realise they had left unlocked.
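The following Python sketch is an added illustration, not code from Google's report or from the affected tool, neither of which the article shows. It builds a constructed login check with a hardcoded exception of the kind described above, then has a defender's invariant test enumerate inputs to find any accepted login that skipped 2FA. All names (`Login`, `ENROLLED`, `svc-backup`, the `source` field) are hypothetical.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Login:
    user: str
    password_ok: bool
    otp_ok: bool
    source: str  # constructed request attribute: "web" or "api"


# Constructed policy: these accounts are enrolled in 2FA and must always pass the OTP check.
ENROLLED = {"alice", "svc-backup"}


def login_flawed(r: Login) -> bool:
    """Reads as correct and never crashes, but one branch contradicts the 2FA rule."""
    if not r.password_ok:
        return False
    if r.user == "svc-backup" and r.source == "api":  # hardcoded exception
        return True
    if r.user in ENROLLED:
        return r.otp_ok
    return True


def login_fixed(r: Login) -> bool:
    """Same flow with no identity- or source-based exemption from the OTP check."""
    if not r.password_ok:
        return False
    return r.otp_ok if r.user in ENROLLED else True


def find_2fa_violations(login_fn):
    """Invariant: an enrolled user is never accepted without a valid OTP.
    Enumerates the small input space and returns every counterexample."""
    users = ["alice", "svc-backup", "bob"]
    space = product(users, [True, False], [True, False], ["web", "api"])
    return [r for r in (Login(*c) for c in space)
            if r.user in ENROLLED and not r.otp_ok and login_fn(r)]


if __name__ == "__main__":
    print("flawed:", find_2fa_violations(login_flawed))
    print("fixed: ", find_2fa_violations(login_fixed))
```

A crash-oriented scanner has nothing to flag in `login_flawed`; only a check that states the intended rule and tests every path against it exposes the exemption.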
Google’s report highlights that this isn't an isolated incident by a lone wolf. State-sponsored groups are already integrating AI into their workflows to act as an "expert-level force multiplier."
By lowering the barrier to entry, AI is allowing hackers to reverse-engineer applications at speeds that were previously impossible. What used to take a team of engineers months can now potentially be mapped out by an LLM (Large Language Model) in a fraction of the time.
While Google's findings are sobering, not everyone believes we are facing an immediate "cyber-apocalypse." A recent study from Cambridge University analysed over 90,000 threads on cybercrime forums and found that the majority of low-level criminals are still using AI for mundane tasks like improved phishing emails and spam, rather than "vibe coding" sophisticated exploits.
The Cambridge researchers argue that the social aspect of hacking—the community and the "street cred" earned by learning manual skills—remains a major barrier to the total automation of cybercrime. However, Google’s report suggests that while the average hacker might not be there yet, the advanced threat actors certainly are.
The cybersecurity community is currently experiencing what some call "vertigo." The same tools being used to attack are also being used to defend. Organisations like Mozilla and Google are using AI to find bugs before the hackers do, but the pace is relentless.
As AI models get better at understanding the "intent" behind code, the window of time between a vulnerability being created and it being exploited is shrinking. We are entering a period where security is no longer just about writing better code, but about using AI to watch over the shoulder of every developer, searching for the logic errors that human eyes—and traditional scanners—simply cannot see.
The confirmation of an AI-generated zero-day exploit is a wake-up call for the tech industry. It proves that AI is no longer just a tool for generating text or images; it is a sophisticated engine for logical analysis that can be turned against our digital infrastructure. As these models become more accessible, the race between the AI-powered attacker and the AI-powered defender will define the future of the internet.
For more detailed information on this developing story, you can read this report here:
👉 Hackers Used AI to Build a Zero-Day Exploit That Bypasses Two-Factor Authentication: Google
