Google’s Threat Intelligence Group (GTIG) confirmed the first instance of cybercriminals using artificial intelligence to weaponize a zero-day vulnerability.
Attackers used an AI model to identify a flaw in a popular open-source web administration tool. Exploiting the flaw would have allowed the group to bypass two-factor authentication.
Google identified the AI's involvement through exploit code structures characteristic of large language model training data. The company collaborated with the tool's vendor to patch the vulnerability before the planned campaign launched.
The group involved is a prominent actor known for mass exploitation. This discovery marks a significant milestone in the evolution of AI-driven cyber threats.