Google's Threat Intelligence Group identified the first documented case of hackers using artificial intelligence to develop a zero-day exploit. The attack bypasses two-factor authentication in a popular open-source web-based system administration tool. Two-factor authentication is widely used to secure crypto accounts and wallets, including those holding Bitcoin, USDT, and other assets.
A new kind of attack Google had not seen before
In a blog post published Tuesday, Google's Threat Intelligence Group (TIG) said it had observed prominent cybercrime actors partnering to run a mass vulnerability exploitation operation. The group described this as the first documented attack where AI was used to develop working zero-day exploit code.
The target was a popular open-source, web-based system administration tool. Google did not name the product. The vulnerability allowed attackers to bypass the second authentication factor after they had already obtained valid user credentials.
Two details in the exploit code confirmed AI involvement. First, the script contained a hallucination, a characteristic error produced by large language models. Second, the code format was highly characteristic of AI model training data. Google stated it has "high confidence" the attack was prepared using a frontier LLM.
The company observed attackers partnering to plan what it called a mass exploitation operation. The report does not specify how many systems were affected or the total scale of the campaign.
Not a coding mistake but a high-level logic flaw
Researchers explain why AI detected this vulnerability in the first place. The flaw is not a classic implementation error such as memory corruption. Google classifies it as a "high-level semantic logic flaw". The original developer had hardcoded a false trust assumption about certain incoming requests.
This class of flaw is where LLMs outperform traditional code analysis tools. Large language models are effective at spotting hardcoded static anomalies and logic errors in business logic that automated scanners tend to miss.
Vulnerabilities of this type require understanding the intent of code, not just its syntax. That explains why an LLM proved effective here in a way a human reviewer might have overlooked or skipped.
China and North Korea lead AI-powered cyberattacks
Google did not name the specific threat actor. The report notes that China and North Korea have "demonstrated significant interest in capitalizing on AI for vulnerability discovery". Those two states are identified as the most active in this area.
For North Korea's cyber units, this is not a new direction. DPRK-linked hackers have spent years targeting crypto exchanges and cross-chain bridges. Adding AI tools for vulnerability research significantly expands their capabilities without changing the core playbook.
Several malware families (PROMPTFLUX, HONESTCUE, and CANFAIL) already include LLM components. Attackers use them to generate filler code and decoy logic that masks malicious payloads from security tools.
LLM-powered attacks are scaling up fast
Google warns that LLM access among threat actors is becoming industrialized. Hackers are building automated pipelines to cycle through premium AI service accounts, pool API keys, and bypass safety restrictions at scale. A large share of these operations is subsidized through trial account abuse.
Attackers are increasingly targeting not the language models themselves but the components that give them their utility. Autonomous agent skills and third-party data connectors are under pressure. Google notes that attackers have not yet achieved breakthrough capabilities to bypass the core security logic of frontier models themselves.
The company concluded that as organizations keep integrating LLMs into production environments, the AI software stack is becoming a primary target. The components that make AI systems useful are turning into the weak points of new digital infrastructure.
Comments
Your email address will not be published. Required fields are marked *