Particle.news
Get it on Google Play
Download on the App Store
90 ARTICLES
·
6d ago

Google Reports First AI‑Aided Zero‑Day Targeting 2FA Was Disrupted

The case shows AI moving from experiment to operational weapon in cyberattacks.

Image
Japan's Finance Minister Satsuki Katayama speaks to media after a meeting involving the Financial Services Agency, the Bank of Japan, the National Cybersecurity Office, the country's top three banks and Japan Exchange Group, following concerns about potential vulnerabilities linked to Anthropic's Mythos AI model, in Tokyo, Japan, April 21, 2026. REUTERS/Kim Kyung-Hoon
Pop-art style illustration of a hand moving a chess piece to topple an opponent, symbolizing strategic maneuvers in an agentic AI spy game and enterprise cybersecurity tactics.
Image

Overview

  • Google’s Threat Intelligence Group, which published its report Monday, said a criminal group used AI to help find and build a zero‑day in a popular open‑source web admin tool that would let attackers bypass two‑factor authentication.
  • Investigators said they have high confidence an AI model supported both discovery and weaponization, they do not believe Gemini was used, and they declined to name the group, the software, or the specific model.
  • Google worked with the vendor to patch the flaw and said the planned mass exploitation was disrupted, noting the exploit would have worked for attackers who already had a user’s password.
  • Analysis of the Python exploit code showed hallmarks of AI generation, including tutorial‑style docstrings, a fabricated CVSS score, and clean, textbook formatting.
  • The report also describes broader AI‑enabled activity, from China‑ and North Korea‑linked groups using agentic tools for vulnerability research to PROMPTSPY, an Android backdoor that reads screen state, executes clicks and swipes, captures biometrics, and resists removal.