{"id":873,"date":"2026-05-11T17:30:43","date_gmt":"2026-05-11T17:30:43","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=873"},"modified":"2026-05-11T17:30:43","modified_gmt":"2026-05-11T17:30:43","slug":"hackers-used-ai-to-develop-first-known-zero-day-2fa-bypass-for-mass-exploitation","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=873","title":{"rendered":"Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation"},"content":{"rendered":"
\n
<\/a><\/div>\n

Google on Monday disclosed that it identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system, marking the first time the technology has been put to use in the wild in a malicious context for vulnerability discovery and exploit generation.<\/p>\n

The activity is said to be the work of cybercrime threat actors who appear to have collaborated together to plan what the tech giant described as a \u00abmass vulnerability exploitation operation.\u00bb<\/p>\n

\u00abOur analysis of exploits associated with this campaign identified a zero-day vulnerability implemented in a Python script that enables the user to bypass two-factor authentication (2FA) on a popular open-source, web-based system administration tool,\u00bb Google Threat Intelligence Group (GTIG) said<\/a> in a report shared with The Hacker News.<\/p>\n

The tech giant said it worked with the impacted vendor to responsibly disclose the flaw and get it fixed in order to proactively disrupt the activity. It did not disclose the name of the tool.<\/p>\n

Although there is no evidence to suggest that Google’s Gemini AI tool was used to aid the threat actors, GTIG assessed with high confidence that an AI model was weaponized to facilitate the discovery and weaponization of the flaw via a Python script that featured all hallmarks typically associated with large language model (LLM)-generated code.<\/p>\n

\u00abFor example, the script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs training data (e.g., detailed help menus and the clean _C ANSI color class),\u00bb GTIG added.<\/p>\n

The vulnerability, described as a 2FA bypass, requires valid user credentials for exploitation. It stems from a high-level semantic logic flaw arising as a result of a hard-coded trust assumption, something LLMs excel at spotting.<\/p>\n

\u00abAI is already accelerating vulnerability discovery, reducing the effort needed to identify, validate, and weaponize flaws,\u00bb Ryan Dewhurst, watchTowr’s Head of Threat Intelligence, told The Hacker News in a statement. \u00abThis is today’s reality: discovery, weaponization, and exploitation are faster. We’re not heading toward compressed timelines; we’ve been watching the timelines compress for years. There is no mercy from attackers, and defenders don’t get to opt out.\u00bb\u00a0<\/p>\n

\n
\"Cybersecurity\"<\/a><\/div>\n<\/div>\n

The development comes as AI is not only acting as a force multiplier for vulnerability disclosure and abuse, but is also enabling attackers to develop polymorphic malware and conduct autonomous malware operations, as observed in the case of PromptSpy, an Android malware that abuses Gemini to analyze the current screen and provide it with instructions to pin the malicious app in the recent apps list.<\/p>\n

Further investigation of the backdoor has uncovered a broader set of capabilities to allow the malware to navigate the Android user interface and autonomously monitor and interpret real-time user activity to determine the next course of action using an autonomous agent module.<\/p>\n

\"\"<\/a><\/div>\n

PromptSpy is also equipped to capture victim biometric data to replay authentication gestures, such as a lock screen PIN or a pattern, to regain access to a compromised device. On top of that, it’s capable of preventing uninstallation by making use of an \u00abAppProtectionDetector\u00bb module that identifies the on-screen coordinates of the \u00abUninstall\u00bb button and serves an invisible overlay just over the button to block a victim’s touch events and give the impression that the button is unresponsive.<\/p>\n

\u00abWhile PromptSpy initializes using hardcoded default infrastructure and credentials, the malware is designed with high operational resilience, allowing adversaries to rotate critical components at runtime without redeploying the PromptSpy payload,\u00bb Google said.<\/p>\n

\u00abSpecifically, the malware’s command-and-control (C2) infrastructure, including the Gemini API keys and the VNC relay server, can be updated dynamically via the C2 channel. This configuration model demonstrates the developers anticipated defensive countermeasures and engineered the backdoor to maintain presence even if specific infrastructure endpoints are identified and blocked by defenders.\u00bb<\/p>\n

Google said it took steps against PromptSpy by disabling all assets related to the malicious activity. No apps containing the malware have been discovered on the Play Store. Some other cases of Gemini-specific abuse spotted by Google are listed below –<\/p>\n