Google Blocks AI-Assisted Zero-Day Exploit Before Mass Deployment
Zero Signal Staff
Published May 11, 2026 at 7:26 PM ET

Google Threat Intelligence Group, Associated Press via Bozeman Daily Chronicle, The Verge
Google’s Threat Intelligence Group says it disrupted a planned mass exploitation campaign built around a zero-day vulnerability that was likely developed with help from a generative AI model, marking what the company describes as the first confirmed instance of artificial intelligence being used to craft a real-world exploit intended for active deployment.
The Details
In a threat intelligence bulletin published on May 11, Google said its researchers identified and stopped a criminal group’s attempt to exploit a previously unknown flaw in a widely used open-source, web-based system administration tool. The attackers would have needed valid credentials already in hand; the exploit was designed to bypass two-factor authentication on top of that existing foothold.
The exploit script, written in Python, contained multiple markers that Google associated with AI assistance. Researchers noted a hallucinated CVSS score, along with educational docstrings and textbook-style formatting that they said is characteristic of large language model output. Google also stated that it does not believe its own Gemini model was used in developing the script, even though it assesses that an AI model likely assisted the attackers.
The Associated Press reported separately that the incident amounted to a milestone that cybersecurity experts had long warned about. The Verge reported that Google called this the first time it had found direct evidence of AI involvement in producing a zero-day exploit intended for real-world use.
Context
“For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI,” the Google Threat Intelligence Group wrote in its executive summary. Outside researchers echoed the weight of the finding. John Hultquist, commenting to the Associated Press, said, “It’s here. The era of AI-driven vulnerability and exploitation is already here.”
Google framed the incident as part of a broader shift from experimental misuse of generative models toward industrial-scale deployment in adversarial cyber operations. The company also noted that threat actors linked to China and North Korea have shown strong interest in using AI for vulnerability discovery and exploitation workflows.
The incident also illustrates a key limitation of the attack: despite the AI-assisted development, the exploit still required valid credentials to function. It did not enable a single-click remote compromise, but instead served as a second-factor bypass layered onto an existing initial access path.
What's Next
Google has not publicly attributed the campaign to a specific threat actor or indicated whether law enforcement has been notified. The company’s disclosure centers on the detection and disruption of the exploit rather than on follow-up attribution or prosecution. The security community is now likely to scrutinize exploit artifacts for similar AI hallmarks, particularly as nation-state and criminal actors continue to adopt AI for vulnerability research. Google’s assessment that this is not an isolated experiment suggests the industry should expect more AI-assisted exploits to surface in active operations.
