Google said on May 11 that hackers used artificial intelligence to build a zero-day exploit tool that could bypass two-factor or multi-factor authentication, aimed at a widely used open-source, web-based system administration platform [1, 2, 3, 4, 5, 6].
The company said its Threat Intelligence team first identified the attack and judged with high confidence that AI was used to find and weaponize the flaw [7, 2, 3, 4, 8, 5]. Google said it alerted the affected software developer and blocked the threat activity before it caused damage [7, 1, 2, 3, 4, 5].
Google did not name the criminal group, the software at issue or the large language model used in the attack [2, 8, 5]. Its researchers said they believe the exploit was not generated with Anthropic's Mythos or Google's own Gemini model [2, 3, 4, 8, 5].
Some reports described signs that the code was AI-generated, including tutorial-style comments, textbook-like structure and a fake CVSS score that did not exist [4, 9, 6]. John Hultquist of Google's Mandiant unit said, "The era of AI-driven vulnerability detection and attacks has arrived." He also said the case was "just the tip of the iceberg" and "this is just the beginning" [3, 6].
Other reports on May 12 said hackers linked to North Korea, China and Russia have also been seen using AI at different stages for vulnerability research, prompt analysis or lure code generation [10, 11, 9]. Google said the incident remained the first it had seen of attackers using AI to develop a zero-day attack tool [1, 4, 5, 6].