Google Detects AI-Created Exploit, Thwarts ‘Mass Exploitation Operation’
Groups of threat actors partnered together to launch what Google threat intelligence researchers called a “mass vulnerability exploitation operation” using a zero-day exploit likely developed using AI.
The exploit marks the first time such malicious code was created by AI and is among the latest examples of how cybercriminals are advancing their use of the technology in their nefarious operations, the researchers wrote in a report this week.
Google and its security arms – including Google Threat Intelligence Group and Mandiant – have been tracking the use of AI by nation-state and financially motivated groups, highlighting the “dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks.”
The regular reports “track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows,” the researchers wrote.
Threat researchers with Google and other IT and security vendors over the past year have illustrated the rapid maturity of threat groups’ use of AI. AI vendors like OpenAI and Microsoft detailed ways bad actors are using their AI technologies in attacks. Anthropic in November 2025 pointed to an escalation in AI use by cybercriminals. HiddenLayer researchers earlier this month discovered an AI model posing as an OpenAI release that was widely downloaded from Hugging Face. The malicious model was found to be distributing credential-stealing malware to Windows systems.
AI-Developed Vulnerability Exploit
The highlight in Google’s most recent report was the discovery of AI being used to detect a vulnerability and generate an exploit and the plan to use the malicious code in a significant cyberattack that Google disrupted.
The researchers said they didn’t believe Google’s Gemini AI model was used to develop the malicious code, they wrote that “we have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability. For example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data (e.g., detailed help menus and the clean _C ANSI color class).”
The vulnerability was a two-factor authentication (2FA) bypass, which required valid user credentials. The security flaw wasn’t the result of common implementation errors – memory corruption and improper input sanitization being examples – but a “high-level semantic logic flaw where the developer hardcoded a trust assumption.”
LLMs’ Ability to Find Flaws
“While fuzzers and static analysis tools are optimized to detect sinks and crashes, frontier LLMs excel at identifying these types of high-level flaws and hardcoded static anomalies,” the researchers wrote. “Though frontier LLMs struggle to navigate complex enterprise authorization logic, they have an increasing ability to perform contextual reasoning, effectively reading the developer’s intent to correlate the 2FA enforcement logic with the contradictions of its hardcoded exceptions.”
With such capabilities, models can find dormant logic errors that seem functionally correct to traditional scanners but that are broken from a security perspective.
A Warning Sign
Google’s discovery is the latest example of how bad actors are using AI to accelerate the discovery and exploitation of vulnerabilities at scale and is a sign of what’s to come, according to security pros. Google noted that threat groups aligned with China and North Korea “have leveraged sophisticated approaches toward AI-augmented vulnerability discovery and exploitation, beginning with persona-driven jailbreaking attempts and the integration of specialized, high-fidelity security datasets to augment their vulnerability discovery and exploitation workflows.”
“AI has changed the economics of exploit development,” said Nicole Carignan, senior vice president of security and AI strategy and Field CISO for Darktrace. “It industrializes what was previously a high-skill, time-intensive process, turning it into something that is more repeatable and scalable, that can be done faster and by a broader range of actors.”
Google’s research shows that “bad actors have built out an infrastructure that enables them to gain persistent, free access to premium commercial AI models,” Carignan added. “That means they can spend time building sophisticated capabilities in the best AI models and there is no limit to their usage. Compared with the more cautious approach taken by defenders, that gives a clear advantage to the attackers.”
Operationalizing the Technology
Jacob Krell, senior director of secure AI solutions and cybersecurity at Suzu Labs, said the research “is the first receipt for a capability that was already visible. AI has already surfaced hundreds of previously unknown vulnerabilities in mature codebases and turned ordinary tradecraft into scalable operations. Google has now confirmed the operational version.”
“AI-augmented exploit development is the natural next step in the industrialization arc that produced ransomware-as-a-service and initial access brokering. The scaffolding required is not exotic,” Krell said. “The offensive side is not waiting for the tooling to mature. It is maturing the tooling.”
Defense Evasion, Supply Chain Threats
The AI-developed zero-day was one of several examples Google laid out demonstrating how bad actors are advancing their use of the technology. This includes accelerating the development of infrastructure suites and polymorphic malware – code that can change its features – that helps evade defenses, creating autonomous attack orchestration code, using AI as a high-speed research assistant, and developing obfuscation techniques to gain high-level access to large language models.
In addition, threat groups like TeamPCP “have begun targeting AI environments and software dependencies as an initial access vector,” Google researchers wrote. “These supply chain attacks result in multiple types of machine learning (ML)-focused risks.”
They added that these attacks show “threats actors attempting to pivot from compromised AI software to broader network environments for initial access and to engage in disruptive activities, such as ransomware deployment and extortion,” they added.
