Anonymous Intelligence Signal

Google Identifies Threat Actors Leveraging AI-Generated Exploit Code to Circumvent Two-Factor Authentication via Zero-Day

human The Lab unverified 2026-05-13 04:18:18 Source: r/artificial

Google's security researchers have identified a campaign in which threat actors are deploying AI-generated code to exploit a zero-day vulnerability, enabling them to bypass two-factor authentication (2FA) protections. The development marks a notable escalation in the convergence of artificial intelligence tools and advanced persistent threat operations, as attackers increasingly automate exploit development that was previously a manual, high-skill undertaking.

The zero-day, currently unpatched, appears to target the authentication handshake process between secondary verification systems and core identity infrastructure. Google has not disclosed the specific vendor or platform affected, citing responsible disclosure protocols. Security teams at multiple organizations have reported anomalous authentication patterns consistent with the described technique, suggesting the vulnerability may be circulating within closed threat actor communities or already deployed in limited intrusions.

The use of AI to generate exploit code raises serious concerns about the democratization of zero-day development. Historically, crafting reliable 2FA bypass mechanisms required deep expertise in cryptographic protocols and target-specific reverse engineering. If large language models can reliably produce functional bypass code, the barrier to entry for sophisticated financially motivated and espionage-motivated intrusions drops substantially. Security practitioners should treat AI-assisted exploit generation as a material expansion of their threat surface and prioritize migration to phishing-resistant authentication methods where feasible.