For years, security researchers have warned that AI would eventually be turned against the systems it was designed to protect. On Monday, Google confirmed that day has arrived. The company's Threat Intelligence Group (GTIG) disclosed that it had identified a cybercrime operation using an AI-generated exploit to bypass two-factor authentication in a popular open-source web administration tool -- the first confirmed case of AI being used to discover and weaponise a zero-day vulnerability in a live attack.

The exploit, embedded in a Python script, targeted a high-level semantic logic flaw in the tool's authentication flow. The vulnerability required valid user credentials to exploit, but once obtained, allowed attackers to bypass 2FA entirely. Google worked with the affected vendor to patch the flaw before disclosing the campaign publicly.

Security operations centres are increasingly the frontline against AI-assisted cyberattacks. Image: SUPERBASH_
Security operations centres are increasingly the frontline against AI-assisted cyberattacks. Image: SUPERBASH_

The Fingerprints of an LLM

GTIG's analysis of the exploit code identified several hallmarks characteristic of large language model output. The script contained extensive educational docstrings, a hallucinated CVSS severity score, and a structured, textbook-style Pythonic format -- all consistent with code generated by an LLM trained on public repositories and security documentation.

"The script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data," GTIG wrote in its report. The group assessed with high confidence that an AI model was used to facilitate both the discovery of the flaw and the generation of the working exploit, though it found no evidence that Google's own Gemini model was involved.

"AI is already accelerating vulnerability discovery, reducing the effort needed to identify, validate, and weaponize flaws. This is today's reality: discovery, weaponization, and exploitation are faster."

— Ryan Dewhurst, watchTowr Head of Threat Intelligence

A Broader Pattern of AI-Assisted Attacks

The zero-day discovery is not an isolated incident. Google's report documents a broader pattern of state-sponsored and criminal threat actors using AI to accelerate offensive operations. North Korea's APT45 group sent thousands of repetitive prompts to Gemini to recursively analyse CVEs and validate proof-of-concept exploits. China-nexus group UNC2814 used persona-driven jailbreaking to conduct vulnerability research into embedded device firmware. Russia-linked actors deployed AI-enabled malware that uses LLM-generated decoy code to conceal malicious functionality.

Google also disclosed details of PromptSpy, an Android malware that abuses Gemini to analyse the current screen and provide instructions to pin the malicious app in the recent apps list. The malware can capture biometric data, prevent uninstallation by overlaying the uninstall button with an invisible touch-blocking layer, and update its command-and-control infrastructure dynamically to evade detection.

The Compressed Timeline Problem

The most alarming implication of the Google disclosure is not the sophistication of any single attack, but the speed at which the threat landscape is evolving. Security researchers have tracked the time-to-exploit metric -- the gap between a vulnerability being discovered and being weaponised -- collapsing from an average of 700 days in 2020 to just 44 days in 2025. AI is compressing that timeline further.

For defenders, the calculus is shifting. Patch cycles that once provided weeks of buffer now provide days. Vulnerability triage that required senior security researchers can increasingly be automated by attackers using the same LLMs that defenders use for code review. The asymmetry that has always favoured attackers -- who need to find only one flaw while defenders must protect everything -- is being amplified by AI.

Google's disclosure is a data point, not an anomaly. The security community has been anticipating this development for years. The question now is whether the defensive use of AI can keep pace with the offensive use -- and whether the institutions responsible for cybersecurity policy are moving fast enough to respond.