
Google Detects First AI-Built Zero-Day Exploit in Cyberattack

Krasa AI

2026-05-11

5 minute read

Google Detects First AI-Built Zero-Day Exploit in a Confirmed Cyberattack

A line has been crossed in AI-enabled cybercrime. On May 11, 2026, Google's Threat Intelligence Group (GTIG) announced it had caught a criminal hacker group using artificial intelligence to develop a working zero-day exploit — the first confirmed case of its kind. Google says it likely thwarted what was shaping up to be a mass exploitation campaign, potentially affecting thousands of organizations worldwide.

What Happened — and Why It's a First

A zero-day vulnerability is a security flaw that's unknown to the software developer and has no patch available. Finding one requires deep technical expertise, and building a working exploit to take advantage of it is even harder. Until now, that kind of capability has been largely confined to elite nation-state hackers and well-resourced criminal organizations.

AI just lowered that bar.

GTIG researchers say they have "high confidence" that the criminal group used a large language model (LLM) to both discover the vulnerability and generate a functional Python exploit. The target: a popular open-source web-based system administration tool. Specifically, the AI found a way to bypass two-factor authentication (2FA) — the extra verification step that millions of businesses rely on to keep attackers out.

The flaw itself was a semantic logic error — the kind that's genuinely hard for humans to spot, where a developer hardcoded a trust assumption that contradicted the application's authentication enforcement. The AI found it anyway.
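The following is an added illustration, not code from the article and not the actual flaw in the unnamed administration tool (which the article does not identify). It shows the shape of the bug class the paragraph describes: a developer hardcodes "loopback clients are a trusted console session" and skips 2FA for them, which contradicts the per-user MFA policy once the app runs behind a reverse proxy and every request arrives from loopback. The user store, request shape and login functions are hypothetical; the one-time-password secret is the RFC 4226 test key, so the codes are reproducible.

```python
"""Hardcoded trust assumption that contradicts 2FA enforcement, and the fix.

Added illustration: not the article's code and not the real flaw in the
(unnamed) administration tool. The user store, request shape and login
functions are hypothetical; the HOTP secret is the RFC 4226 test key.
"""
import hashlib
import hmac
import struct
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


# Constructed user record; the secret is the RFC 4226 test-vector key.
USERS = {
    "admin": {
        "password": "correct horse battery staple",
        "mfa_enabled": True,
        "otp_secret": b"12345678901234567890",
        "otp_counter": 0,
    }
}


@dataclass
class LoginRequest:
    username: str
    password: str
    otp: Optional[str] = None
    remote_addr: str = "203.0.113.7"  # TEST-NET-3 address standing in for a client


def password_ok(user: dict, password: str) -> bool:
    # Constant-time compare; a real app would store a salted hash, not the password.
    return hmac.compare_digest(user["password"], password)


def otp_ok(user: dict, otp: Optional[str]) -> bool:
    if otp is None:
        return False
    expected = hotp(user["otp_secret"], user["otp_counter"])
    return hmac.compare_digest(expected, otp)


def login_vulnerable(req: LoginRequest) -> Optional[str]:
    """Password check, then 2FA, except that loopback clients are trusted outright.

    The developer assumed loopback == local console session and hardcoded it.
    Behind a reverse proxy every request arrives from loopback, so the
    assumption contradicts the mfa_enabled policy and 2FA is never enforced.
    """
    user = USERS.get(req.username)
    if user is None or not password_ok(user, req.password):
        return None
    if ip_address(req.remote_addr).is_loopback:  # hardcoded trust assumption
        return f"session:{req.username}"
    if user["mfa_enabled"] and not otp_ok(user, req.otp):
        return None
    return f"session:{req.username}"


def login_fixed(req: LoginRequest) -> Optional[str]:
    """Same flow with the shortcut removed: the MFA policy decides, not the source address."""
    user = USERS.get(req.username)
    if user is None or not password_ok(user, req.password):
        return None
    if user["mfa_enabled"] and not otp_ok(user, req.otp):
        return None
    return f"session:{req.username}"


def demo() -> dict:
    """Exercise both flows with a password-only request that arrives via loopback."""
    proxied = LoginRequest("admin", "correct horse battery staple", remote_addr="127.0.0.1")
    with_otp = LoginRequest("admin", "correct horse battery staple",
                            otp=hotp(b"12345678901234567890", 0))
    return {
        "vulnerable_no_otp": login_vulnerable(proxied),  # session issued without 2FA
        "fixed_no_otp": login_fixed(proxied),            # None: 2FA still required
        "fixed_with_otp": login_fixed(with_otp),         # session issued after valid OTP
    }


if __name__ == "__main__":
    print(demo())
```

The point for auditors is that neither branch looks wrong in isolation; the defect only appears when the trust shortcut is read against the policy it is supposed to enforce. A regression test that asserts `login_fixed` returns `None` for a password-only loopback request is what keeps the shortcut from being reintroduced.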

The Fingerprints Were Unmistakably AI

How did Google know AI was involved? The exploit code left a trail.

GTIG analysts noted several telltale signs: the Python script contained educational docstrings (explanatory comments you'd see in a tutorial, not a criminal tool), the code was unusually clean and textbook-style in structure, and it included a hallucinated CVSS score — a vulnerability severity rating that didn't actually exist. These are all characteristics consistent with LLM-generated code; human-authored exploits typically look messier and more idiosyncratic.

Google confirmed it does not believe its own Gemini model was used in the attack, but declined to identify which AI model the criminal group leveraged.

Google Quietly Patched the Flaw Before the Attack

When GTIG discovered the exploit, Google worked directly with the unnamed software vendor to patch the vulnerability before the criminal campaign could launch at scale. The quiet, coordinated disclosure approach — rather than a public announcement — appears to have been deliberate, aimed at pulling the rug out from under the attack before the hackers knew they'd been caught.

Google says the mass exploitation event the criminals were planning "may have been disrupted" as a result. The word "may" is doing some work here — Google is being careful not to claim the threat is fully neutralized.

The Expert Verdict: The AI Arms Race Is Already Here

The industry reaction to this disclosure has been pointed. John Hultquist, chief analyst at GTIG, cut straight to it: "There's a misconception that the AI vulnerability race is imminent. The reality is that it's already begun. For every zero-day we can trace back to AI, there are probably many more out there."

That's a sobering statement from someone whose job is to track exactly these threats. The implication is clear: this isn't a proof-of-concept or a research paper. It's a real criminal operation that nearly succeeded.

Security experts have been warning for years that AI would eventually be weaponized to accelerate vulnerability discovery. The assumption was that this would remain the domain of sophisticated nation-state actors for the foreseeable future. This incident suggests otherwise — the capability is apparently available to criminal groups with sufficient motivation and access to current-generation AI models.

What This Means for Organizations

The practical implications are significant for any organization that relies on 2FA, web-based administration tools, or open-source software — which is to say, nearly every enterprise on the planet.

The key shift here isn't that AI can be used for hacking in theory — security researchers have been demonstrating that for years. It's that AI is now being actively deployed in real criminal operations to find exploits that survived decades of human review and millions of automated security scans. These aren't the easy, already-exposed weaknesses that search tools like Shodan can surface in minutes. These are the hard ones, the logic errors buried in authentication flows that human auditors consistently miss.

For security teams, the accelerated pace of AI-assisted vulnerability discovery means that patching cadences, threat intelligence monitoring, and incident response capabilities need to keep up. A vulnerability that would have taken months to discover manually can now potentially be found in hours or days.

What's Next

Google's disclosure signals that GTIG and other threat intelligence groups are actively watching for AI involvement in attack campaigns — and the fact that they caught this one is encouraging. But Hultquist's warning about the unknown scope of AI-assisted attacks should motivate organizations to revisit their assumptions about dwell time and exposure windows.

Expect this story to drive renewed urgency in the AI safety and cybersecurity policy space. There are already active discussions in Washington and Brussels about AI's role in offensive cyber operations. This incident hands policymakers a concrete, confirmed example to point to.

The Bottom Line

Google just confirmed what security professionals have feared: AI is now a real weapon in criminal hackers' arsenals, not just a theoretical future threat. The first AI-built zero-day has been caught in the wild — used to target 2FA in a planned mass exploitation campaign. Google disrupted this particular attack, but by Google's own analyst's assessment, there are likely more out there right now that nobody has caught yet. If your organization hasn't factored AI-accelerated attack discovery into its security posture, this is the wake-up call.
