Overview
- Google’s Threat Intelligence Group said Monday it found a zero-day targeting a popular open-source web admin tool, delivered as a Python script that could bypass two-factor authentication; a planned mass exploitation was disrupted by a rapid vendor patch.
- Analysts cited hallmarks of AI-generated code in the exploit, including heavy instructional docstrings, a fabricated CVSS score, and a clean, textbook Python structure, and they said neither Google’s Gemini nor Anthropic’s Mythos created it.
- The bypass still required valid usernames and passwords, which means the flaw could have turned stolen or reused credentials into full access by skipping the final 2FA check on affected systems.
- Google’s report details broader AI adoption by threat groups. It notes China- and North Korea-linked actors using models to find bugs and validate exploits, Russia-linked operations hiding malware behind AI-written decoy logic, and Android malware such as PROMPTSPY using an agent to read screens, click through interfaces, and replay biometric or PIN gestures.
- Researchers warn that attackers are industrializing access to premium AI models and probing the AI software supply chain, which could push organizations to tighten model governance, harden integrations such as APIs and plugins, and shorten patch windows.