AI Model Used to Craft First Mass Exploit Tool for Two-Factor Auth Bypass

Google uncovered a criminal campaign in which an AI system was used to discover a zero-day vulnerability and generate exploit code for mass exploitation of a popular administration tool.

CSBadmin

How the Exploit Worked

Google disclosed on Monday that its Threat Intelligence Group (GTIG) identified a cybercrime campaign in which an unknown threat actor used an artificial intelligence system to develop a zero-day exploit. The exploit targeted a popular open-source, web-based system administration tool, allowing attackers to bypass two-factor authentication (2FA) protections. Google did not name the affected application but said it worked with the vendor to responsibly disclose and patch the flaw before the activity escalated.

The exploit was delivered as a Python script that analysts said bore all the hallmarks of large language model (LLM)-generated code. The script contained excessive educational docstrings, a hallucinated vulnerability scoring metric, and a rigid, textbook Pythonic format consistent with AI training data. The vulnerability itself stemmed from a hard-coded trust assumption in the software’s authentication logic, a type of high-level semantic flaw that experts say LLMs are particularly adept at identifying.

Impact and Scope

This campaign marks the first confirmed instance of an AI system being used in the wild for vulnerability discovery and exploit generation on a mass scale. The attackers required valid user credentials to trigger the 2FA bypass, meaning the flaw was a secondary attack vector rather than a standalone entry point. Still, the development signals a dangerous shift in the threat landscape, as AI lowers the barrier for finding and weaponizing software flaws.

Google assessed with high confidence that an AI model was instrumental in both discovering the vulnerability and crafting the exploit code. While there is no evidence that Google’s own Gemini tool was involved, the company warned that this type of automation will likely accelerate the rate at which criminals can produce functional exploits. Security researchers called the event a wake-up call for defenders to adopt AI-driven detection methods.

Source: The Hacker News
