
AI-Generated Zero-Day Exploit Disrupted by Google

Severity: High (Score: 73.0)

Sources: Bleepingcomputer, Infosecurity-Magazine, Theedgemarkets, Cyberscoop, www.bloomberg.com

Summary

Google's Threat Intelligence Group (GTIG) reported that a cybercrime group attempted to exploit a zero-day vulnerability in a popular open-source web administration tool, using AI to develop the exploit. The vulnerability allowed bypassing two-factor authentication (2FA) protections. Google intervened before the attack could be executed, alerting the affected vendor to patch the flaw.

This incident marks the first confirmed case of AI being used to discover and weaponize a zero-day exploit. The exploit's code exhibited characteristics typical of AI-generated content, including educational docstrings and a fabricated CVSS score. Google has not disclosed the identity of the cybercriminal group or the specific AI model used, but it ruled out its own Gemini and Anthropic's Mythos.

The incident highlights a significant evolution in the threat landscape, as AI tools are increasingly utilized for vulnerability discovery and exploitation. Google emphasized that this is likely just the beginning of AI-driven cyber threats.

Key Points:

  • Google disrupted a planned mass exploitation campaign using an AI-developed zero-day exploit.
  • The vulnerability allowed attackers to bypass two-factor authentication in a web administration tool.
  • This incident is the first confirmed case of AI being used to create a zero-day exploit.

Key Entities

  • Apt45 (apt_group)
  • Malware (attack_type)
  • Zero-day Exploit (attack_type)
  • China (country)
  • Democratic People's Republic Of Korea (country)
  • North Korea (country)
  • People’s Republic Of China (country)
  • Russia (country)
  • CWE-287 - Improper Authentication (cwe)
  • Android (platform)
  • ChatGPT (platform)
  • Claude Mythos (platform)
  • Gemini (tool)
  • GPT-5.5-Cyber Model (tool)
  • Mythos (tool)