Google detects hackers using AI-generated code to bypass 2FA with zero-day vulnerability

Reddit r/artificial News

Summary

Google's Threat Intelligence Group reports that hackers are using AI-generated code to discover and weaponize a zero-day vulnerability that could bypass two-factor authentication, marking a notable escalation in AI-driven cybercrime.

No content available
Original Article
View Cached Full Text

Cached at: 05/12/26, 04:47 PM

# Google detects hackers using AI-generated code to bypass 2FA with zero-day vulnerability Source: [https://www.pcguide.com/news/google-detects-hackers-using-ai-generated-code-to-bypass-2fa-with-zero-day-vulnerability/](https://www.pcguide.com/news/google-detects-hackers-using-ai-generated-code-to-bypass-2fa-with-zero-day-vulnerability/) AI is being used to discover all\-new exploits ![](https://cdn.shortpixel.ai/spai/q_lossy+ret_img+to_auto/www.pcguide.com/wp-content/uploads/2023/10/IMG_8117-96x96.jpg) PC Guide is reader\-supported\. When you buy through links on our site, we may earn an affiliate commission\.[Read More](https://www.pcguide.com/earnings-disclaimer/) Artificial intelligence is quickly becoming a major tool in the world of cybercrime, and a new report from Google suggests things are starting to take it much more seriously\. According to the company’s latest findings, hackers are now using AI tools to help discover zero\-day vulnerabilities, including one that could bypass two\-factor authentication protections\. The[report comes from Google’s Threat Intelligence Group](https://cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access), which recently shared details about how cybercriminals are increasingly relying on AI to improve attacks, create malware, automate phishing campaigns, and even uncover software flaws that developers never knew existed\. ## Hackers seem to be using AI\-generated code to bypass 2FA One of the most concerning discoveries involved hackers attempting to exploit a previously unknown vulnerability in a popular open\-source web\-based system administration tool\. The flaw could reportedly allow attackers to bypass 2FA protections, meaning they could potentially access accounts with just a password and skip the extra security code normally sent to your phone or email\. Google believes AI played a major role in helping the attackers discover and weaponize the flaw\. The company noticed several signs that strongly pointed toward[AI\-generated code](https://www.pcguide.com/news/linux-kernel-now-allows-ai-generated-code-as-long-as-you-take-full-responsibility-for-any-bugs/)\. The Python script used in the attack reportedly included unusually detailed educational comments, overly structured formatting, and even a fake or “hallucinated” CVSS security score, which is something commonly seen in content produced by large language models\. Fortunately, Google says it worked with the affected vendor before the vulnerability could be widely exploited\. The company believes the hackers were planning a large\-scale attack campaign, but the issue was patched before that could happen\. ## Zero\-day exploit successfully found with help from AI What makes this situation especially worrying is that this appears to be the first confirmed case where AI was successfully used to help develop a zero\-day exploit\. Security researchers have warned for years that AI could eventually become a major cybercrime weapon, and Google now says that moment may already be here\. The report also explains that AI is being used in many other dangerous ways\. Some malware strains can now dynamically modify their own code while running in order to avoid detection from antivirus software\. Other malicious tools can automatically generate fake code, create exploit payloads on the fly, or add layers of obfuscation that make attacks harder to analyze\. Google also noted that state\-sponsored hacking groups from countries like China and North Korea are heavily experimenting with AI tools for vulnerability research and exploit development\. Some groups reportedly use AI to rapidly analyze security flaws and test proof\-of\-concept exploits at a scale that would normally require much more time and manpower\. While AI can clearly be useful for productivity and software development, reports like this show how quickly the technology can also be turned into a cybersecurity threat\. And according to Google’s researchers, this may only be the beginning\. --- ![](https://cdn.shortpixel.ai/spai/q_lossy+ret_img+to_auto/www.pcguide.com/wp-content/uploads/2023/10/IMG_8117-96x96.jpg)

Similar Articles

Cybercriminals Are Making Powerful Hacking Tools With AI, Google Warns

Reddit r/artificial

Google warns that cybercriminals and nation-state actors are increasingly using AI to rapidly develop sophisticated hacking tools, including the first confirmed AI-generated zero-day exploit. The report highlights how AI lowers the technical barrier for cyberattacks, enabling even low-skilled hackers to execute complex operations.

"For the first time, Google has identified a threat actor using a zero-day exploit that we believe was developed with AI. The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use."

Reddit r/ArtificialInteligence

Google's Threat Intelligence Group reports its first discovery of an AI-generated zero-day exploit intended for mass exploitation, highlighting a growing trend of adversaries using AI for malware development, defense evasion, and autonomous cyberattacks.