Hackers Used AI to Develop First Known Zero-Day 2FA Bypass, Google Researchers Say



Google’s Threat Intelligence Group has reportedly discovered an unknown threat actor using AI to develop a working zero-day exploit, raising fresh concerns about how quickly offensive AI is evolving in the wild.

AI reportedly used to bypass system defenses

In an extensive report, security researchers noted that they believe hackers used AI to discover and weaponize a previously unknown flaw in a widely used system administration tool. The vulnerability could reportedly bypass multi-factor authentication, a layer of security many organizations rely on beyond passwords.

That kind of access would normally require deep manual research. In this case, researchers say the process appears to have been accelerated with AI assistance, potentially reducing the time needed to turn a bug into a usable exploit.

“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI. The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use. Threat actors associated with the People’s Republic of China (PRC) and the Democratic People’s Republic of Korea (DPRK) have also demonstrated significant interest in capitalizing on AI for vulnerability discovery,” noted Google in the report.

The company described its confidence in AI involvement as “high,” although it stopped short of naming the cybercrime group or the affected software. The exact model used also remains unconfirmed, though Google said it was not Anthropic’s Mythos or its own Gemini models.

Inside the hidden race between defenders and attackers

The attempt was ultimately blocked after Google notified the software developer, who patched the flaw before it could be widely exploited. System administration tools, like the one targeted here, are especially sensitive since they control servers, accounts, and access permissions across entire organizations.

Anthropic previously warned that advanced models could pose national security risks, and even delayed broader release of its cyber-security model, Mythos. Meanwhile, governments, financial institutions, and tech companies have been quietly coordinating on AI misuse scenarios.

All that said, researchers suggest this may be one of the first documented cases of AI contributing directly to a zero-day exploit in real-world conditions. It is still unclear how frequently such methods are already being used by cybercriminals.
