
KeyAudit


Google Confirms First AI-Assisted Zero-Day Exploit in Open-Source Tool

Google's Threat Intelligence Group confirmed on Monday that cybercriminals used an AI model to discover and weaponize a zero-day vulnerability in a popular open-source web administration tool, marking the first time Google has identified AI-assisted zero-day development in the wild. The flaw allowed attackers to bypass two-factor authentication (2FA). Google worked with the vendor to patch the vulnerability before a mass exploitation campaign could scale. The report highlights that threat actors linked to China, North Korea, and Russia are actively using AI for vulnerability research, exploit development, and malware obfuscation. While some researchers argue that AI's role in cybercrime is overstated—citing a Cambridge study showing most criminals use AI for spam and phishing—Google warns that AI models lower the barrier for sophisticated attacks by enabling contextual reasoning to surface logic errors. The finding adds to concerns about AI reshaping cybersecurity, as both defenders and attackers leverage these tools.

Key facts

  • Google confirmed first AI-assisted zero-day exploit in an open-source web tool.
  • Vulnerability allowed bypass of two-factor authentication (2FA).
  • Actors linked to China, North Korea, and Russia are using AI for cyberattacks.
  • Cambridge study says most cybercriminals use AI for spam/phishing, not exploits.
  • Google fixed the flaw before a mass exploitation campaign scaled.
