{"id":34632,"date":"2026-05-11T13:24:09","date_gmt":"2026-05-11T13:24:09","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/34632\/"},"modified":"2026-05-11T13:24:09","modified_gmt":"2026-05-11T13:24:09","slug":"google-spotted-an-ai-developed-zero-day-before-attackers-could-use-it","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/34632\/","title":{"rendered":"Google spotted an AI-developed zero-day before attackers could use it"},"content":{"rendered":"<p>Google researchers found a zero-day exploit developed by artificial intelligence and alerted the susceptible vendor to the imminent threat before a well-known cybercrime group initiated a mass-exploitation campaign, the company said in a report released Monday.<\/p>\n<p>The averted disaster probably isn\u2019t the first time attackers used AI to build a zero-day, but it is the first time Google Threat Intelligence Group found compelling evidence that this long-predicted and worrying escalation in vulnerability-exploit development is underway.<\/p>\n<p>\u201cWe finally uncovered some evidence this is happening,\u201d John Hultquist, chief analyst at GTIG, told CyberScoop. \u201cThis is probably the tip of the iceberg and it\u2019s certainly not going to be the last.\u201d<\/p>\n<p>Google declined to identify the specific vulnerability, which has been patched, or name the \u201cpopular open-source, web-based administration tool\u201d it affected. It did, however, note that the defect impacted a Python script that allows attackers to bypass two-factor authentication for the service.<\/p>\n<p>Researchers also withheld details about how they discovered the zero-day exploit or the cybercrime group that was preparing to use it for a large-scale attack spree.<\/p>\n<p>The threat group has a \u201cstrong record of high-profile incidents and mass exploitation,\u201d Hultquist said, suggesting the attackers are prominent and well-known among cybersecurity practitioners.\u00a0<\/p>\n<p>GTIG is fairly confident the threat group was using AI in a meaningful way throughout the entire process, but it has yet to determine if the technology also discovered the vulnerability it ultimately developed into an exploit.<\/p>\n<p>Whichever AI model the attackers used \u2014 Google is confident it wasn\u2019t Gemini or Anthropic\u2019s Mythos \u2014 left artifacts throughout the exploit code that are inconsistent with human developers. This evidence, which included documentation strings in Python, highly annotated code and a hallucinated but non-existent CVSS score, tipped Google off to the fact AI was heavily involved, Hultquist said.\u00a0<\/p>\n<p>GTIG has been warning about and expecting AI-developed exploits to hit systems in the wild, especially after its Big Sleep AI agent found a zero-day vulnerability in late 2024.<\/p>\n<p>\u201cI think the watershed moment was two years ago when we proved this was possible,\u201d Hultquist said, adding that there are probably several other AI developed zero-days in play now.\u00a0<\/p>\n<p>Yet, to him, the discovery of a zero-day exploit developed by AI is less concerning than what this single instance forebodes even further.<\/p>\n<p>\u201cThe game\u2019s already begun and we expect the capability trajectory is pretty sharp,\u201d Hultquist said. \u201cWe do expect that this will be a much bigger problem, that there will be more devastating zero-day attacks done over this, especially as capabilities grow.\u201d<\/p>\n<p>\t\t\t\t\t<img decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/05\/MattKapko.jpg\" alt=\"Matt Kapko\"\/><\/p>\n<p>\n\t\t\tWritten by Matt Kapko<br \/>\n\t\t\tMatt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University.\t\t<\/p>\n","protected":false},"excerpt":{"rendered":"Google researchers found a zero-day exploit developed by artificial intelligence and alerted the susceptible vendor to the imminent&hellip;\n","protected":false},"author":2,"featured_media":34633,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[24,154,132,1429,22072,10718,22073,4343,22074],"class_list":{"0":"post-34632","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-google","8":"tag-ai","9":"tag-cybercrime","10":"tag-google","11":"tag-google-ai","12":"tag-google-threat-intelligence-group","13":"tag-vulnerability","14":"tag-vulnerability-disclosure","15":"tag-zero-day","16":"tag-zero-day-exploit"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/34632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=34632"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/34632\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/34633"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=34632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=34632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=34632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}