Google Catches First AI-Generated Zero-Day Exploit in the Wild

A prominent cybercrime group had plans to launch mass exploitation of a popular web administration tool—until Google caught them first. What made this case different: the zero-day exploit they intended to use appears to have been written by an AI model.

Google's Threat Intelligence Group (GTIG) disclosed the discovery on May 11, 2026, describing it as the first confirmed instance of threat actors using an AI-generated zero-day exploit in preparation for real-world attacks. The vulnerability allowed attackers to bypass two-factor authentication on an unnamed open-source, web-based system administration tool.

How Google Spotted the AI Fingerprints

The Python exploit code contained telltale signs of large language model output. According to Google's research, the script included "an abundance of educational docstrings, including a hallucinated CVSS score," along with clean, textbook-style formatting characteristic of LLM training data.

John Hultquist, chief analyst at GTIG, explained that the artifacts were "inconsistent with human developers." The detailed help menus, ANSI color class implementations, and overly educational documentation patterns all pointed to machine generation. Researchers ruled out Google's Gemini and Anthropic's Claude as the source model, though they did not identify which LLM was used.

The underlying vulnerability itself was a semantic logic bug—a case where a developer hardcoded a trust assumption that contradicted the application's authentication enforcement. This type of high-level reasoning error is precisely what AI systems excel at identifying, as it requires understanding application logic rather than spotting memory corruption or buffer overflows.

Mass Exploitation Disrupted

Google worked with the unnamed vendor to patch the vulnerability before the criminal group could launch their campaign. The attackers, described as having "a strong record of high-profile incidents and mass exploitation," had apparently planned to weaponize the 2FA bypass for financial gain.

The intervention mirrors what we saw with Mandiant's M-Trends 2026 report, which warned that AI-assisted attacks were accelerating exploit development timelines dramatically. That report noted threat actors achieving "22-second handoff" speeds between vulnerability disclosure and weaponization—a pace that only makes sense with machine assistance.

Nation-States Already in the Game

GTIG's report also flagged Chinese and North Korean state-sponsored groups actively using AI tools for vulnerability discovery and exploit development. The tools Strix and Hexstrike were specifically mentioned as part of nation-state arsenals.

This tracks with recent activity. Just last week, we covered China's UAT-8302 campaign using sophisticated techniques against government targets, while North Korean laptop farm operators were sentenced for IT worker schemes funding weapons programs. Both nations have strong incentives to invest in AI-powered offensive capabilities.

Google itself demonstrated proof-of-concept for AI-driven vulnerability discovery in late 2024, when its Big Sleep AI agent found a zero-day in SQLite before it reached production. The company has since pushed tools like Big Sleep and CodeMender—an AI patching assistant—into wider internal use.

Why This Changes the Threat Landscape

"The game's already begun and we expect the capability trajectory is pretty sharp," Hultquist warned. "There will be more devastating zero-day attacks."

The AI-generated exploit represents something security researchers have anticipated but hadn't confirmed in the wild. While Anthropic's Claude Mythos is considered too dangerous to release publicly due to its vulnerability-finding capabilities, criminals and nation-states are already achieving similar results with available models.

For defenders, this means the gap between vulnerability introduction and weaponization will continue shrinking. Traditional patching windows measured in weeks or months are becoming insufficient. Organizations running web-based administration tools—especially open-source ones—should:

• Enable all available authentication hardening beyond basic 2FA
• Monitor for anomalous authentication patterns that could indicate bypass attempts
• Assume adversaries will find logic bugs faster than internal security teams
• Prioritize patching for any authentication or access control advisories

Google is disabling accounts that abuse Gemini for malicious purposes, but the broader LLM ecosystem remains open. The first AI-generated zero-day won't be the last.