### AI-Assisted Exploit Development On Monday, **Google** revealed that an unknown threat actor leveraged a zero-day exploit, suspected to have been developed using an artificial intelligence (AI) system. This marks a significant milestone as the first documented case of AI being weaponized for vulnerability discovery and exploit generation in a live attack. According to **Google Threat Intelligence Group (GTIG)**, this activity appears to be a coordinated effort by cybercrime actors engaged in a "mass vulnerability exploitation operation." The targeted vulnerability, found in a Python script, allows attackers to bypass two-factor authentication (2FA) on a widely used open-source web-based system administration tool. **Google** has worked with the affected vendor to responsibly disclose and patch the flaw, though the specific tool remains unnamed. ### Characteristics of AI-Generated Code While there is no direct evidence linking **Google's Gemini** AI tool to the attack, **GTIG** assesses with high confidence that an AI model facilitated the discovery and weaponization of the vulnerability. The Python script used in the exploit exhibits hallmarks of large language model (LLM)-generated code. "For example, the script contains an abundance of educational docstrings, including a hallucinated **CVSS** score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data (e.g., detailed help menus and the clean _C ANSI color class)," **GTIG** noted. The vulnerability, a 2FA bypass, requires valid user credentials and stems from a high-level semantic logic flaw due to a hard-coded trust assumption – an area where LLMs excel. ### Accelerated Vulnerability Exploitation Ryan Dewhurst, Head of Threat Intelligence at watchTowr, emphasized the accelerating pace of vulnerability exploitation. "AI is already accelerating vulnerability discovery, reducing the effort needed to identify, validate, and weaponize flaws. This is today's reality: discovery, weaponization, and exploitation are faster." ### AI-Enabled Malware: The Case of PromptSpy This development coincides with the increasing use of AI by attackers to develop polymorphic malware and conduct autonomous operations. One example is **PromptSpy**, an Android malware that leverages **Gemini** to analyze the current screen and receive instructions to pin the malicious app in the recent apps list.  **PromptSpy** can capture biometric data to replay authentication gestures and prevent uninstallation by overlaying the uninstall button. **Google** has taken action against **PromptSpy** by disabling related assets, and no instances have been found on the Play Store. ### AI Abuse by Nation-State Actors **Google** has also observed nation-state actors abusing AI models for malicious purposes: * A suspected China-nexus cyber espionage group, **UNC2814**, used **Gemini** to research vulnerabilities in embedded devices. * The North Korean threat actor **APT45** analyzed different **CVEs** and validated proof-of-concept (PoC) exploits. * A Chinese hacking group, **APT27**, utilized **Gemini** to develop a fleet management application, potentially for managing an operational relay box (ORB) network. * Russian intrusion activity targeted Ukrainian organizations with AI-enabled malware like CANFAIL and LONGSTREAM, using LLM-generated decoy code. Threat actors have also experimented with the "wooyun-legacy" **GitHub** repository, a Claude code skill plugin with over 5,000 real-world vulnerability cases from the Chinese vulnerability disclosure platform WooYun.  ### Automated Discovery and Anonymized Access A suspected China-aligned threat actor deployed agentic tools like Hexstrike AI and Strix in attacks targeting a Japanese technology firm and a major East Asian cybersecurity platform for automated discovery. **Google** continues to observe information operations (IO) actors from Russia, Iran, China, and Saudi Arabia using AI for productivity tasks. They also noted that **UNC6201** used a Python script to automatically register and cancel premium LLM accounts. "Threat actors now pursue anonymized, premium-tier access to models through professionalized middleware and automated registration pipelines to illicitly bypass usage limits. This infrastructure enables large-scale misuse of services."