Google AI Intercepts First AI-Generated Zero-Day Exploit
In a landmark cybersecurity development, Google Threat Intelligence Group (GTIG) announced on May 12 that it disrupted a planned mass exploitation campaign leveraging what it confirms is the first zero-day exploit built by criminal hackers using artificial intelligence. The exploit targeted a two-factor authentication (2FA) bypass vulnerability in a popular open-source system administration tool, marking a new frontier in AI-driven cyber warfare.
GTIG coordinated with the vendor to issue a patch after detecting the exploit, with the Big Sleep AI agent assisting in the identification process. This interdiction represents the first documented case of an AI-built exploit being intercepted and neutralized by another AI system, underscoring a rapidly evolving arms race between offensive and defensive AI technologies.
The malicious script exhibited hallmark characteristics of large language model (LLM) generation, including a hallucinated Common Vulnerability Scoring System (CVSS) score and textbook formatting. GTIG said it does not believe its Gemini model was used to create the exploit, which suggests the attackers deployed a third-party or custom AI tool to engineer the zero-day.
The event signals the industrialized use of AI in cyber operations, with AI defense systems like Big Sleep proving effective at countering AI-generated threats. As criminal hackers increasingly leverage generative AI to accelerate exploit development, the security industry faces a critical inflection point where AI-driven detection and response capabilities become essential for staying ahead of automated attacks.