Viral Wire

Google detects first AI-generated zero-day exploit, thwarts attack

A hacker group used AI to find and weaponize a zero-day, bypassing 2FA.

Deep Dive

Google's Threat Intelligence Group (GTIG) reported on May 12, 2026, that it thwarted an attempt by a cybercrime group to use AI models for a mass vulnerability exploitation operation. GTIG has high confidence that AI was used to identify and weaponize a zero-day vulnerability, enabling the bypass of two-factor authentication. This marks the first documented instance in which Google detected a hacker using an AI-generated zero-day exploit.

The group targeted a widely used enterprise software stack, scanning for unpatched systems. The AI model was used to automate reconnaissance, generate exploit code, and adapt to security controls in real time. Google's detection systems flagged anomalies in network traffic patterns and code behavior that were inconsistent with traditional human-crafted exploits. While no data was compromised, the incident underscores a new frontier in cyber threats where AI reduces both the time and skill needed to develop zero-day exploits. Google has shared indicators of compromise with partners.

Key Points
  • First documented use of AI to generate a zero-day exploit, detected by Google's Threat Intelligence Group.
  • Attack bypassed two-factor authentication on enterprise software with an AI-weaponized vulnerability.
  • No data was breached; Google shared IoCs and patched the vulnerability within hours.

Why It Matters

AI-generated zero-days lower the barrier for sophisticated attacks, forcing security teams to adopt AI defenses.