For years, the security community debated whether artificial intelligence would ever be used to discover and weaponise zero-day vulnerabilities in the wild. That debate ended on 11 May 2026, when Google’s Threat Intelligence Group (GTIG) confirmed it had identified the first known case of a criminal threat actor using an AI model to develop a working zero-day exploit — a 2FA bypass targeting a widely used, open-source web administration tool.
This is not a theoretical risk paper. This is not a proof-of-concept at a conference. A criminal group used a large language model to find a real vulnerability, generate a working Python exploit, and prepare it for mass exploitation. Google’s proactive discovery may have prevented the campaign from scaling, but the precedent is now set.
TL;DR
- Google Threat Intelligence confirmed the first criminal use of AI to discover and exploit a zero-day vulnerability — a 2FA bypass in a popular open-source admin tool.
- The AI-generated Python exploit contained telltale LLM signatures: educational docstrings, hallucinated CVSS scores, and overly structured formatting.
- The attackers planned a mass exploitation campaign; Google’s early detection likely prevented widespread compromise.
- AI is compressing the window between vulnerability discovery and weaponisation — development teams must accelerate their patch and detection cycles accordingly.
- Defence strategies must now include AI-aware threat modelling, hardened 2FA implementations, and faster vulnerability response workflows.
What Happened: The Google GTIG Disclosure
Google’s Threat Intelligence Group published a report detailing how an unidentified criminal threat actor leveraged an AI system — assessed with high confidence to be a large language model — to discover a semantic logic flaw in a popular open-source, web-based system administration tool. The vulnerability stemmed from a hard-coded trust assumption in the authentication flow, which allowed attackers to bypass two-factor authentication entirely.
The exploit was implemented as a Python script and bore all the hallmarks of LLM-generated code: an abundance of educational docstrings, a hallucinated CVSS severity score, detailed help menus, and a clean, structured formatting style characteristic of large language model training data. As Google noted, these are artefacts a human writing an attack tool would simply not include.
The threat actor’s intent was clear: mass vulnerability exploitation. Google’s proactive counter-discovery appears to have disrupted the campaign before it could scale, but the implications extend far beyond this single incident.
Why This Changes the Threat Landscape
AI Lowers the Barrier to Zero-Day Discovery
Previously, discovering zero-day vulnerabilities required deep expertise in reverse engineering, source code auditing, or fuzzing. AI models can now identify semantic logic flaws — the kind of subtle trust assumptions that automated scanners miss — by reasoning about code at a higher level of abstraction. This dramatically lowers the skill floor for vulnerability research.
As security researcher Ryan Dewhurst put it: “AI is already accelerating vulnerability discovery, reducing the effort needed to identify and weaponize flaws.” The asymmetry between attackers and defenders just shifted further in favour of the attacker.
Exploit Generation Becomes Automated
The AI did not just find the vulnerability — it generated a working exploit script. This collapses two traditionally separate skill sets (vulnerability research and exploit development) into a single automated workflow. Criminal groups no longer need specialist exploit developers on their team when a language model can produce working proof-of-concept code in minutes.
The Compressed Timeline Problem
We have already documented how the exploit window is collapsing. This incident accelerates that trend. When AI can both discover and weaponise vulnerabilities, the time between a flaw existing in code and it being actively exploited shrinks to near zero. Your 30-day patch cycle is not going to cut it.
Recognising AI-Generated Exploits
Google’s analysis identified several signatures of LLM-generated attack code that security teams should be aware of:
- Educational docstrings: Attack tools written by humans are typically sparse and pragmatic. LLM-generated code includes verbose, tutorial-style documentation explaining what each function does.
- Hallucinated metadata: The exploit included a CVSS score that did not correspond to any real advisory — a classic LLM confabulation.
- Over-structured formatting: Clean PEP 8 compliance, detailed argument parsers, and help menus that feel like they were generated for a coding tutorial, not a weaponised tool.
- Pythonic patterns: Heavy use of standard library abstractions and idiomatic Python that mirrors training data from public repositories.
These signatures will become less obvious as attackers refine their prompts and post-process outputs, but for now they provide a useful forensic indicator.
What Development Teams Must Do
1. Audit Your Authentication Trust Assumptions
The exploited vulnerability was a hard-coded trust exception in an authentication flow. These kinds of semantic logic flaws — where the code works as written but the logic is wrong — are exactly what AI excels at finding. Review your authentication implementations for:
- Hard-coded IP or hostname trust bypasses
- 2FA skip conditions (test accounts, internal networks, specific user agents)
- Session token trust assumptions that bypass re-authentication
- OAuth/OIDC flows with overly permissive redirect validation
2. Compress Your Vulnerability Response Cycle
If your current process is “patch on the next release cycle,” you are already behind. AI-accelerated discovery means vulnerabilities are being found faster than ever. Your response needs to match:
- Implement automated dependency scanning in CI/CD with break-the-build severity thresholds
- Establish a rapid-response patching process for critical authentication and authorisation flaws
- Subscribe to advisories for every open-source tool in your stack, particularly web administration panels
3. Harden Your 2FA Implementation
Two-factor authentication is only as strong as its weakest bypass. Ensure your implementation:
- Has no conditional logic that skips 2FA for any reason (including internal requests or “trusted” networks)
- Validates the full authentication chain on every request, not just the initial login
- Uses WebAuthn/passkeys where possible — phishing-resistant authentication eliminates entire categories of bypass
- Logs and alerts on any 2FA skip events, even those from supposedly trusted sources
4. Add AI-Aware Threat Modelling
Your threat models need to account for AI-assisted attackers. This means:
- Assume semantic logic flaws will be found. AI can reason about trust assumptions in code that scanners and fuzzers miss.
- Assume exploits will be generated quickly. The gap between discovery and weaponisation is now minutes, not weeks.
- Assume mass exploitation is the default intent. AI-generated exploits are trivially reproducible and distributable.
5. Monitor for AI-Generated Attack Patterns
Update your WAF rules and intrusion detection to look for the patterns Google identified. Automated exploit scripts tend to follow predictable request patterns — structured, sequential, and methodical in a way that differs from manual probing.
The Bigger Picture
This incident does not exist in isolation. In 2025 and 2026, we have seen teenagers use ChatGPT to hit Rakuten Mobile’s systems approximately 220,000 times, threat actors use Claude Code for extortion campaigns targeting 17 organisations, and AI-assisted breaches of government systems. The Google zero-day is simply the most technically sophisticated example yet.
The security industry has been preparing for this moment, but preparation and reality are different things. AI is not replacing human attackers — it is amplifying them. A moderately skilled criminal can now punch well above their weight class, discovering vulnerabilities that would previously have required elite expertise.
For development teams, the message is clear: your security posture must assume that AI-assisted attackers are already probing your stack. The tools, processes, and response times that worked in 2024 are no longer sufficient.
How REPTILEHAUS Can Help
Our team specialises in security-first development, from authentication architecture and DevSecOps pipelines to AI threat modelling for modern applications. If your team needs to audit its authentication flows, harden its 2FA implementation, or build faster vulnerability response processes, get in touch — we have been building secure systems since before AI made it an emergency.
📷 Photo by Jake Walker on Unsplash
