Google says criminal hackers used an AI model to build a real zero-day

verified

Tuesday, May 12, 2026

The News

Google said Monday that it had disrupted a criminal group's attempt to use artificial intelligence to exploit another company's previously unknown digital vulnerability, adding to heightened worries across government and private industry about AI's risks for cybersecurity. Google's Threat Intelligence Group said it has "high confidence" that it recorded hackers using an AI model to find and exploit a zero-day vulnerability, creating a way to bypass two-factor authentication, and said the criminal threat actor planned to use it in a mass exploitation event. Google traced the hackers' footprints and found evidence they had used an AI large language model to discover the vulnerability, and said it was most likely not Google's own Gemini or Anthropic's Claude Mythos. According to The Register, the Python script included "educational docstrings," a hallucinated CVSS score, and a polished textbook coding structure that looked heavily influenced by LLM training data; Google said the issue stemmed from developers hard-coding a trust exception into the authentication flow.

The Read

Strip out the "era of AI-driven exploitation" rhetoric and the operational fact is small but pointed: an attacker used a non-frontier model — not Gemini, not Claude — to find a 2FA bypass in a popular open-source admin tool, and the giveaway was that the exploit code read like a textbook because an LLM wrote it. That tells you the bar for offensive use has dropped to whatever open-weights model can be self-hosted, which is exactly the population of models that doesn't sit behind a CVP-style verification program. The defensive corollary nobody's saying out loud: if Google is finding the artifact because the code is too clean, expect attackers to start adversarially scuffing their output within the next quarter, after which the "LLM-shaped exploit" detection signal goes away.

Watch For

Walk your dependency tree for any open-source admin or operations tool (cPanel-class, web-based) that gates production with 2FA. For each, circle anything that hard-codes a trust exception in the authentication flow — the exact pattern Google flagged. Move those from a backlog ticket to a same-sprint patch. If a vendor can't tell you whether their auth flow contains a hard-coded bypass, that's the answer.

For Engineering / Security lead