Practical guides to protect yourself, your family, and your business from AI-driven scams, deepfakes, and emerging cyber threats.
Popular articles
The first AI-built exploit just hit the wild
On May 11, 2026, Google's Threat Intelligence Group disclosed something defenders have spent two years waiting for: a working zero-day exploit, built with the help of an AI model, deployed by a criminal group, and staged for a mass exploitation campaign. Google caught it first and worked with the vendor to ship a quiet patch. The exploit is real. The technique is now public.
What Google found
According to GTIG's report, the exploit is a two-factor authentication bypass implemented in a Python script, targeting a widely used open-source web-based system administration tool. Google has not named the tool — disclosure happened before the campaign could scale.
The exploit code itself fits a pattern Google's analysts called characteristic of LLM-generated work:
- Dense, educational docstrings explaining every function
- A CVSS score the model hallucinated — there is no published CVE
- Textbook Pythonic structure with detailed help menus
- A clean ANSI color class for terminal output, lifted straight from training data
The vulnerability itself is what makes the AI angle credible. It is a high-level semantic logic flaw — a hard-coded trust assumption that a careful human reviewer would have to read the codebase carefully to find. Large language models, as it turns out, are unusually good at spotting that pattern. Google attributes the discovery and the weaponization to an AI model with high confidence. It also notes that Gemini was not the model used.
Why this matters
For two years the discussion of AI-assisted offensive operations has been hypothetical — what models could theoretically do, what red teams demonstrate in controlled tests. This is the first publicly attributed case of a criminal group shipping a finished AI-built exploit at industrial scale. The line between research curiosity and what your patch cycle has to outrun just moved.
The rest of the GTIG report makes the trend harder to dismiss. North Korean group APT45 has been observed feeding Gemini thousands of repetitive prompts to recursively validate proof-of-concept exploits across known CVEs. A suspected China-aligned cluster jailbroke Gemini with persona prompts to research vulnerabilities in TP-Link firmware and OFTP implementations. Russia-linked actors delivered AI-enabled malware families — CANFAIL and LONGSTREAM — against Ukrainian targets. The 2FA-bypass exploit is a milestone, not an isolated event.
Ryan Dewhurst, head of threat intelligence at watchTowr, framed the operational picture in a statement: "AI is already accelerating vulnerability discovery, reducing the effort needed to identify, validate, and weaponize flaws. Discovery, weaponization, and exploitation are faster. There is no mercy from attackers, and defenders don't get to opt out."
What to do about it
- Shorten the patch SLA on internet-facing admin tools. The window between disclosure and mass exploitation is now hours, not weeks. Web-based admin panels, jump hosts, and remote management interfaces should be your first-tier patching priority.
- Treat MFA as a layer, not a finish line. The exploit required valid credentials and still defeated the second factor. Pair MFA with phishing-resistant methods like passkeys or hardware security keys, and assume credentials will leak.
- Wire AI-specific threat intel into your weekly review. Google's Threat Intelligence Group, Microsoft Threat Intelligence, and the published threat reports from major model vendors are now releasing real incident data. Pick one and read it every week.
Bottom line
The first AI-built zero-day in the wild was caught and patched. The second one will not be. The defensive playbook does not change — patch faster, segment harder, log everything — but the urgency does. The same tool an attacker uses to find your unpatched system is now the tool that writes the exploit for it.
