Google Links Prominent Cybercrime Group to First AI-Generated Zero-Day Exploit Targeting 2FA Bypass
Google's Threat Intelligence division has documented what appears to be the first confirmed instance of a cybercrime group using artificial intelligence to develop a zero-day exploit. The finding, published by Google, signals a milestone in the evolution of cyber threats: sophisticated threat actors are no longer merely using AI for reconnaissance or social engineering, but actively leveraging it to generate working exploit code.
The campaign targeted an open source web-based system administration tool, with the zero-day exploit specifically engineered to bypass two-factor authentication protections. Google identified the malicious implementation as a Python script, suggesting a relatively accessible yet effective delivery mechanism. The group involved has been characterized as prominent within the cybercrime ecosystem, and their successful deployment of AI-generated exploit code marks a notable escalation in operational capability.
Security researchers warn that this development could lower the barrier for other threat actors to produce similar zero-day exploits, increasing the volume of high-quality vulnerability research in criminal hands. Organizations relying on 2FA as a primary defense layer face elevated risk if administrative interfaces are exposed. The case underscores growing scrutiny over the role of AI tools in accelerating the discovery and weaponization of software vulnerabilities, prompting calls for defenders to monitor AI-assisted development pipelines more closely.