GOOGLE STOPS FIRST AI-DEVELOPED ZERO-DAY EXPLOIT

Google Threat Intelligence Group (GTIG) identified the exploit before attackers could launch their campaign. The vulnerability would have bypassed two-factor authentication, granting unauthorized access to systems running the unnamed administration tool. Researchers discovered evidence in the Python script indicating the exploit was developed using AI assistance. This marks the first confirmed instance of Google stopping a zero-day attack crafted with machine learning tools. The threat actors involved were described as "prominent cyber crime" groups planning a "mass exploitation event." Google did not disclose the specific open-source tool targeted, likely to give developers time to patch the vulnerability before public disclosure. The finding underscores growing concerns about AI-assisted hacking. As artificial intelligence becomes more accessible, security experts warn that threat actors can leverage these tools to automate vulnerability discovery and exploit development at scale. Google's ability to detect the AI-generated exploit suggests that machine-generated code may contain detectable patterns or signatures. However, security researchers expect attackers will refine their methods as AI capabilities advance. The discovery comes as major tech companies and governments increasingly focus on the dual-use risks of AI. While AI tools can enhance security defenses, they also lower barriers for less sophisticated attackers to develop advanced exploits. Google has not named the affected tool or provided a timeline for when developers should expect patches. The company said it followed responsible disclosure practices with the software maintainers.