Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation

The Hacker News technology

Key Points:

  • Google revealed the discovery of a zero-day exploit created by an unknown threat actor likely using AI, marking the first known malicious use of AI for vulnerability discovery and exploit generation in the wild.
  • The exploit targeted a popular open-source web-based system administration tool, bypassing two-factor authentication (2FA) via a Python script exhibiting characteristics typical of large language model (LLM)-generated code.
  • Google identified the AI-assisted nature of the attack through detailed code analysis and highlighted the accelerating role of AI in vulnerability discovery, weaponization, and exploitation by cybercriminals.
  • The report also detailed AI-enabled malware like PromptSpy, which autonomously navigates Android interfaces, captures biometric data, and prevents uninstallation, demonstrating advanced operational resilience and dynamic command-and-control capabilities.
  • Additionally, Google exposed widespread AI abuse by various nation-state-affiliated groups leveraging AI for cyber espionage, malware development, automated vulnerability research, and illicit access to premium AI services through shadow APIs and proxy platforms.
