Criminals now using AI to hunt and weaponize zero‑days, Google warns

Google’s Threat Intelligence Group reports the first known real-world case of criminals using AI to discover and weaponize a zero-day vulnerability — a 2FA bypass in a popular open-source admin platform — as part of a planned mass exploitation campaign. The attackers used an AI model to identify the flaw and generate a polished exploit script that showed clear LLM characteristics like educational docstrings and hallucinated CVSS scores. Google helped patch the issue quietly before the campaign took off, but warns that AI-assisted vulnerability discovery and attack automation are already here and accelerating. State actors from North Korea and China are also heavily experimenting with AI for exploit development and target probing.

Read the full story on The Register →