AI Just Wrote a Working Zero-Day. The Exploitation Window Is Now Hours.

An AI model found a flaw, wrote a working exploit, and pushed it toward mass deployment

On May 11, 2026, Google's Threat Intelligence Group disclosed the first case it has caught in the wild: an unknown threat actor used an artificial intelligence model to discover a zero-day vulnerability in a popular open-source system administration tool, then used the same model to write a working Python exploit that bypassed two-factor authentication. The campaign was scoped, in Google's own words, as a "mass vulnerability exploitation operation."

The threshold has moved. Until this disclosure, AI-assisted attacks meant phishing emails, deepfaked voices, and code suggestions. Now an LLM is being used end-to-end to find a real flaw and ship a working exploit.

What we know

GTIG investigators identified the exploit code as machine-generated by its surface tells: a hallucinated CVSS score baked into a docstring, textbook Pythonic structure, an unusually clean ANSI color class, and dense educational comments that no human attacker bothers to write. The underlying flaw was a semantic logic bug — a hard-coded trust assumption — that traditional fuzzing rarely catches but that LLMs are unusually good at spotting. The full report is available from Google Threat Intelligence Group.

• The targeted product is a widely-used open-source, web-based system administration tool. Google has not named it, and worked with the vendor to patch before public disclosure.
• The 2FA bypass requires valid user credentials, making this an obvious pairing for the stolen-credential market that already feeds infostealer logs.
• Google states with high confidence that an AI model was used. It explicitly notes there is no evidence its own Gemini model was involved.
• The same report documents AI use by China-linked UNC2814 for embedded device research, North Korea's APT45 for recursive CVE analysis, and a Russia-nexus group deploying LLM-generated decoy code in malware aimed at Ukraine.

Why it matters

Synack's 2026 State of Vulnerabilities Report, published May 18, recorded 48,244 published CVEs in 2025 — a 20% jump year-over-year — and average mean time to remediation falling from 63 days to 38. The pressure forcing those numbers down is the same pressure described by Google: AI-equipped attackers are compressing the window between disclosure and exploitation to hours, and in this case, the window between discovery and weaponization to nothing at all.

For defenders, three things change at once. The economics of exploit development drop toward zero. The attacker no longer needs a specialist on staff to chain a semantic flaw into working code. And the tooling exists today — not in some future scenario.

What to do about it

1. Treat valid credentials as already-compromised. This exploit pairs with stolen passwords. Move every administrative interface behind phishing-resistant MFA — hardware keys or platform passkeys — and shorten session lifetimes.
2. Inventory and harden open-source admin tools. The exact product Google flagged is undisclosed, but the class is well known: web-based panels, dashboards, and control interfaces. Pull them off the public internet, put them behind a VPN or zero-trust proxy, and patch within 24 hours of any vendor advisory.
3. Subscribe to vendor advisories, not just the NVD. The disclosure here ran vendor-direct. Organizations that wait for CVE assignment will be late. Set up direct intake from the vendors whose tools sit in your administrative paths.

Bottom line

One AI-assisted zero-day was caught this month because Google was watching closely. The next ones will be caught later, or not at all. The defender playbook is unchanged in principle — patch fast, kill credential reuse, lock down admin surfaces — but the timeline to execute it has compressed from weeks to hours. Move the things you have been meaning to move.