Google stopped a zero-day hack that it says was developed with AI
Source: The Verge
Overview
Google’s Threat Intelligence Group (GTIG) reports that it has, for the first time, identified and halted a zero‑day exploit that was developed with the assistance of artificial intelligence. The exploit was being prepared by “prominent cyber‑crime threat actors” for a potential mass‑exploitation campaign.
Exploit Details
- Target: An unnamed open‑source, web‑based system administration tool.
- Goal: Bypass two‑factor authentication (2FA).
- Indicators of AI involvement:
- A “hallucinated” CVSS score embedded in the Python script.
- Structured, textbook‑like formatting that matches typical large‑language‑model (LLM) training data.
The Python script used for the exploit contained these AI‑generated artifacts, suggesting that the attackers leveraged generative AI to craft the vulnerability.
Google’s Response
Google’s security researchers detected the AI‑assisted code, analyzed its behavior, and intervened before the exploit could be deployed at scale. By disrupting the planned attack, Google prevented a widespread breach that could have compromised numerous systems relying on the targeted tool.
References
- Full story: The Verge