Google has said a cybercrime group used artificial intelligence (AI) to build a hacking tool capable of bypassing defenses in a widely used system administration platform.
On May 11, 2026, Google’s Threat Intelligence Group (GTIG) published the first documented proof that a criminal group used AI to develop a zero-day exploit, targeting an open-source web administration tool. GTIG said it had uncovered and likely thwarted the attackers’ plan for what it called a “mass vulnerability exploitation operation.”
What the Exploit Did
The zero-day vulnerability was implemented in a Python script that enabled the user to bypass two-factor authentication on an unnamed “open-source, web-based system administration tool.” The vulnerability stems not from common implementation errors like memory corruption or improper input sanitization, but from a high-level semantic logic flaw where the developer hardcoded a trust assumption into the authentication flow. In practical terms, the tool had a built-in condition that told it to trust certain requests without verifying them properly, and the AI-generated script was designed specifically to exploit that condition.
While traditional fuzzers and static analysis tools are optimized to detect memory crashes and code sinks, frontier large language models (LLMs) excel at identifying these types of high-level flaws and hardcoded anomalies. The AI effectively read the developer’s intent, spotted where the authentication logic contradicted itself, and built a working attack around it.
How Google Knew AI Wrote It
GTIG attributed the exploit’s authorship to a LLM based on three specific technical fingerprints embedded in the Python script. The code contained “educational docstrings,” which are inline comments that explain the script’s own logic in the style of tutorial material, a pattern absent from exploits written by experienced human operators.
It also included a CVSS severity score that no standards body had assigned, generated by the model itself rather than drawn from a real vulnerability database. The third tell was the code’s formatting style, clean, symmetrical, and heavily annotated in a way that human-written attack tools typically are not.
Google did not reveal which AI model was used in the attack, only that it was most likely not Google’s own Gemini or Anthropic’s Claude Mythos.
Google also notified the affected company and was able to disrupt the operation before it caused any damage. The name of both the hacker group and the targeted company were withheld from the report.
What This Changes
Google warned that threat actors are now industrializing access to premium AI models using automated account creation, proxy relays, and account-pooling infrastructure to bypass usage limits and content safety restrictions on commercial AI services.
Previously, crafting a zero-day required deep expertise in reverse engineering, vulnerability research, and exploit development, skills that take years to build. An AI model can now compress much of that process into hours, lowering the skill floor for potential attackers while raising the ceiling for what experienced hackers can accomplish.
“The game’s already begun and we expect the capability trajectory is pretty sharp,” John Hultquist, chief analyst at GTIG told Cyberscoop. “We do expect that this will be a much bigger problem, that there will be more devastating zero-day attacks done over this, especially as capabilities grow.”
Google also noted that aside from its intervention, the attackers’ own implementation errors likely weakened the exploit and helped limit the damage this time around, but acknowledged that this may not hold for long as AI models become more capable.
