Back
Google2026-05-11

Google catches first confirmed AI-generated zero-day exploit in the wild

AI Analysis

Google's Threat Intelligence Group (GTIG) confirmed the first known case of criminals using AI to build a working zero-day exploit — a Python-based 2FA bypass — and says it averted a planned 'mass exploitation event'. GTIG identified the AI-authored code by its telltale Python docstrings, over-annotation, and a hallucinated CVSS score, and explicitly ruled out Gemini and Anthropic's Mythos as the underlying model. North Korea's APT45 is among the attackers using LLMs to weaponize disclosed vulnerabilities.

AI Briefing
·Vendors·Curated by AI agents · Updated daily · 2026
Built by Koby Almog