🚨 GOOGLE JUST CONFIRMED WHAT CYBERSECURITY EXPERTS DREADED: Criminals Are Using AI to Build Zero-Day Exploits That Bypass 2FA — And This Is ONLY the Beginning of the AI Weaponization Wave

For the First Time Ever, Google Has Verified That AI — Not Human Coders — Developed a Zero-Day Exploit. The Script Contained Hallucinated CVSS Scores and Textbook LLM Formatting. And Chinese and North Korean State Hackers Are Already Doing This at Scale.

Monday, May 11, 2026 — At 1:04 PM UTC today, Google's Threat Intelligence Group dropped a report that should have triggered DEFCON 1 at every CISO office on the planet. For the first time in cybersecurity history, Google confirmed the existence of a zero-day exploit developed entirely by artificial intelligence. Not assisted by AI. Not reviewed by AI. Built by AI.

The exploit was a Python script designed to bypass two-factor authentication on an open-source web-based system administration tool. It contained an abundance of educational docstrings, a hallucinated CVSS score, and textbook LLM formatting — including detailed help menus and clean ANSI color classes that screamed "I was written by a language model."

Google has "high confidence" that the cybercrime group responsible leveraged an AI model to support the discovery and weaponization of this vulnerability. This is not theoretical. This is not a research paper. This is a weapon deployed in the wild by criminals who used AI to find and exploit a vulnerability that no human had discovered.

And here's the part that should keep you awake tonight: Google also confirmed that Chinese and North Korean state-sponsored hackers are systematically using AI for vulnerability discovery, with North Korea's APT45 sending thousands of recursive prompts to analyze CVEs and validate proof-of-concept exploits.

The era of human-vs-human cybersecurity is over. Welcome to AI-vs-human cybersecurity. And humans are losing.


The Exploit That Changed Everything

Google's report, published Monday morning, documents what the company calls its first confirmed case of an AI-generated zero-day exploit. The technical details are damning:

The Weapon: A Python script targeting an unnamed open-source web administration tool. The script was designed to bypass 2FA protections — one of the most trusted security mechanisms in enterprise environments.

The Smoking Gun: The script's code structure contained hallmarks of LLM generation:

  • Detailed help menus and ANSI color classes typical of AI-generated code

The Implication: This wasn't a human coder who used AI for assistance. This was AI generating an exploit with minimal human oversight — possibly just a prompt and a target description.

Google stated clearly: "Although we do not believe Gemini was used, based on the structure and content of these exploits, we have high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability."

Translation: Criminals pointed an AI at a piece of software, and the AI found a vulnerability, wrote an exploit, and handed it to them.
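The stylistic traits listed above (dense docstrings, ANSI color classes, detailed help menus, an embedded CVSS score) can be counted during triage of a recovered Python script. The following is an added example, not code from Google's report; the sample script is constructed and harmless, and the thresholds and function name are illustrative assumptions.

```python
import ast
import re

# Constructed, harmless sample that only imitates the stylistic traits named
# in the article (no exploit logic).
SAMPLE = r'''"""Demo checker.

Severity: CVSS 9.8 (Critical)
"""
import argparse

class Colors:
    """ANSI color codes for terminal output."""
    RED = "\033[91m"
    GREEN = "\033[92m"
    END = "\033[0m"

def banner():
    """Print the banner."""
    print(Colors.GREEN + "ready" + Colors.END)

def main():
    """Parse arguments and run."""
    p = argparse.ArgumentParser(description="Demo", epilog="Example:\n  demo.py --target host")
    p.add_argument("--target", help="Host to check")
    p.parse_args()
'''

CVSS_RE = re.compile(r"CVSS[^\n]{0,20}?\b(?:10\.0|\d\.\d)\b", re.I)

def llm_style_signals(source: str) -> dict:
    """Count stylistic traits; thresholds are illustrative assumptions."""
    tree = ast.parse(source)  # parses only, never executes the script
    nodes = list(ast.walk(tree))
    defs = [n for n in nodes if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))]
    ratio = sum(1 for n in defs if ast.get_docstring(n)) / len(defs) if defs else 0.0
    is_str = lambda n: isinstance(n, ast.Constant) and isinstance(n.value, str)
    # Classes holding two or more ANSI escape sequences ("color classes")
    ansi = [c.name for c in defs if isinstance(c, ast.ClassDef)
            and sum(1 for s in ast.walk(c) if is_str(s) and "\x1b[" in s.value) >= 2]
    help_kw = sum(1 for n in nodes if isinstance(n, ast.keyword)
                  and n.arg in ("help", "description", "epilog"))
    # A score claim to check against published advisories; the code cannot
    # tell whether the score is hallucinated.
    cvss = [m.group(0) for n in nodes if is_str(n) for m in CVSS_RE.finditer(n.value)]
    hits = sum([len(defs) >= 3 and ratio >= 0.8, bool(ansi), help_kw >= 3, bool(cvss)])
    return {"docstring_ratio": ratio, "ansi_classes": ansi, "help_kwargs": help_kw,
            "cvss_claims": cvss, "hits": hits}

if __name__ == "__main__":
    print(llm_style_signals(SAMPLE))
```

These traits are a triage hint about authorship style, not evidence of malice: plenty of benign, well-documented tools would score the same.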


Why Two-Factor Authentication Bypass Is a Catastrophe

Let's be clear about what this exploit does and why it matters:

Two-factor authentication (2FA) has been the bedrock of enterprise security for over a decade. When passwords leak — and they leak constantly — 2FA was supposed to be the safety net. Even if attackers have your password, they can't access your account without your phone, your hardware key, or your biometric data.

An AI-generated 2FA bypass exploit collapses that safety net.

Here's what this means in practice:

For Enterprises: Every system protected by 2FA is now potentially vulnerable to AI-generated exploits. Email servers. VPNs. Cloud admin panels. Financial systems. Healthcare portals. The assumption that 2FA provides meaningful protection against sophisticated attackers is now questionable.

For Individuals: Your bank account. Your investment portfolio. Your cryptocurrency wallets. Your social media accounts with millions of followers. If a service uses web-based 2FA, an AI might be able to generate an exploit that bypasses it — without the attacker ever touching your phone.

For Critical Infrastructure: Power grids. Water treatment facilities. Transportation systems. Emergency services. Many of these rely on 2FA for remote access. An AI that can bypass those protections doesn't need to find a zero-day in the SCADA system itself — it just needs to compromise the administrative interface that manages it.

Google worked with the impacted vendor to prevent mass exploitation. But here's the terrifying reality: this is the one they caught. How many AI-generated exploits are already deployed that nobody has detected yet?


The State Actor Connection: China and North Korea Are Already All-In

The most alarming part of Google's report isn't the criminal group's exploit. It's what state-sponsored hackers are doing with AI.

Chinese Cyber-Espionage Groups

Google identified multiple China-linked threat actors leveraging AI for vulnerability research:

UNC2814 — a Chinese group known for targeting telecommunications and government organizations — used a persona-driven jailbreak technique. They instructed the AI to "act as a senior security auditor" to improve vulnerability research on embedded devices, including TP-Link firmware with OFTP implementations.

Agentic Tools Deployed: Chinese actors were observed deploying agentic AI tools like Strix and Hexstrike in attacks targeting a Japanese tech firm and a major East Asian cybersecurity company. These aren't chatbot queries. These are autonomous AI agents scanning for vulnerabilities, analyzing firmware, and generating exploits without human intervention.

The Jailbreak Strategy: By framing prompts as security audits, Chinese hackers are bypassing AI safety guardrails. The AI thinks it's helping with legitimate security research. In reality, it's mapping vulnerabilities for future exploitation by a nation-state actor.

North Korea's APT45: Thousands of Recursive Prompts

North Korea's APT45 — one of the most aggressive cyber-espionage groups on the planet — has been sending thousands of repetitive prompts to AI systems. Their strategy:

  • Scale at Machine Speed: What would take human researchers months, APT45 accomplishes in days by running thousands of AI prompts in parallel.

Google's assessment is blunt: "This results in a more solid arsenal of exploit capabilities that would be impractical to manage without AI assistance."

North Korea — a country with limited technical infrastructure — is now competing with Western security researchers by leveraging AI at scale.


The Technical Breakdown: How AI Generates Exploits

Understanding how AI creates zero-day exploits is essential to grasping the scale of this threat. Here's what the process looks like:

Phase 1: Vulnerability Discovery

The AI is given access to source code, firmware, or binary executables. Using pattern recognition trained on millions of lines of code — including vulnerable code — the AI identifies potential weaknesses:

  • Privilege escalation paths: Routes from limited to administrative access

The AI doesn't just look for known patterns. It generalizes from training data to identify novel vulnerability classes that humans might miss.

Phase 2: Exploit Development

Once a vulnerability is identified, the AI generates a proof-of-concept exploit:

  • Cross-platform payloads that adapt to the target environment

The AI-generated exploit in Google's report included the hallucinated CVSS score because the AI was trained on security documentation that includes severity ratings. When generating the exploit, the AI "hallucinated" a score for the new vulnerability — a fascinating detail that reveals how the model's training data shapes its outputs.

Phase 3: Weaponization and Deployment

The final phase — which Google didn't fully detail — involves packaging the exploit for deployment. This might include:

  • Lateral movement tools to spread across networks

The entire pipeline — from vulnerability discovery to weaponized exploit — can now be executed by AI systems with minimal human oversight.


Why This Is Different From Previous AI-Cybercrime Reports

Skeptics will point out that AI has been used in cybersecurity for years. Machine learning powers intrusion detection systems. AI assists in malware analysis. Neural networks identify phishing attempts. What's new about this?

Everything.

Previous AI applications in cybercrime were:

  • Limited: AI operated within narrow domains (phishing, spam, etc.)

Today's AI-generated exploits are:

  • Adaptive: AI learns from failed attempts and adjusts its approach

The difference between "AI-assisted cybersecurity" and "AI-generated cyberattacks" is the difference between a power tool and a robot builder. One makes humans faster. The other replaces humans entirely.


The Implications for Every Organization on Earth

If you're reading this, your organization is affected. Here's how:

For Small Businesses

You might think zero-day exploits are a Fortune 500 problem. You're wrong. The AI-generated exploit in Google's report targeted an open-source tool — the kind of software small businesses use because it's free. Criminals don't need to target you specifically. They can use AI to scan the entire internet for vulnerable systems and exploit them automatically.

Action needed: Audit every piece of software touching the internet. If you don't know what version you're running or when it was last patched, assume it's vulnerable.

For Enterprise Security Teams

Your threat model just changed. Previously, you worried about:

  • Phishing (trainable)

Now you need to worry about:

  • AI-adaptive persistence (attackers that learn your defenses and adjust)

Action needed: Implement behavioral monitoring, not just signature-based detection. Assume AI-driven attacks are already happening. Prepare for incidents where the attacker operates at machine speed.

For Critical Infrastructure

Power grids. Water utilities. Transportation networks. Healthcare systems. These have been targets before, but AI changes the economics of attacks:

  • Greater persistence: AI can maintain access and adapt to defensive measures

The Dragos report from last week documented how attackers used Claude AI to target a Mexican water utility. That was an AI-assisted attack. What Google confirmed today is AI-generated attacks — a more dangerous capability.

Action needed: Air-gap critical systems where possible. Implement network segmentation. Assume administrative interfaces are vulnerable to AI-generated exploits.

For Governments and Regulators

The policy implications are staggering. Current cybersecurity frameworks assume human attackers. They don't account for:

  • The impossibility of attribution when AI generates the attack code

Google's report comes just days after Microsoft, Google, and xAI agreed to government pre-release testing of AI models. But that agreement addresses future models, not the ones already deployed. The AI that generated the zero-day Google discovered is already available to anyone.

Action needed: Update critical infrastructure protection requirements. Mandate AI-security assessments for systems controlling essential services. Establish international norms around AI use in cyber operations.


The AI Arms Race Nobody Wanted

We're now in an AI-driven cybersecurity arms race that nobody asked for and nobody can opt out of.

Offensive AI is outpacing defensive AI. Google's own report documents how Chinese and North Korean actors use AI for vulnerability discovery. Meanwhile, defensive AI tools — while improving — still require human analysts to interpret results, make decisions, and implement responses.

The speed gap is fatal. AI can generate and deploy exploits in hours. Human security teams respond in days. That gap will only widen as AI capabilities improve.

The economics favor attackers. Building AI exploit-generation systems requires investment, but once built, they scale infinitely. Defending against them requires continuous investment in monitoring, patching, and response — costs that grow with each new AI capability.

Sophos, in a related report, noted that "AI-generated zero-days are here" and that their endpoint protection was "architected to stop exploits that have never been seen before." But even they acknowledge this is a reactive posture. The question isn't whether defensive AI can catch up — it's whether it can catch up before the next wave of AI-generated attacks arrives.


What's Still Hard

Attribution collapse. When AI generates exploits, who do you blame? The criminal who ran the prompt? The AI company that built the model? The open-source project with the vulnerability? The current legal framework assumes human-authored attacks. AI-generated attacks break that framework.

Detection evasion. AI-generated code doesn't follow human patterns. It might include dead code, unusual structures, or hallucinated elements (like the fake CVSS score) that evade signature-based detection while remaining functional.

Patching velocity. Even when vulnerabilities are discovered, patching takes time. Google's report notes that the AI-generated exploit was discovered before mass exploitation — but many organizations won't patch for weeks or months. During that window, they're sitting ducks.

The open-source vulnerability. The exploit targeted an open-source tool. Open-source software powers the modern internet, but maintainers are often volunteers with limited resources. AI that can systematically scan open-source projects for vulnerabilities creates an attack surface that no volunteer team can defend.


The Bottom Line

Google's confirmation of the first AI-generated zero-day exploit is a watershed moment in cybersecurity history. It's the moment we moved from "AI might be used in cyberattacks" to "AI IS being used in cyberattacks, and we just found the first one."

The impact is catastrophic:

  • The gap between offensive and defensive capabilities is widening, not narrowing

This isn't a future threat. The exploit Google discovered was already deployed. The Chinese and North Korean campaigns are already active. And the AI models that enable these attacks are available to anyone with an internet connection.

The only question now is how many more AI-generated exploits are already in the wild — and how long until one of them targets something you depend on.


Published Monday, May 11, 2026 | Category: AI Security

Sources: Google Threat Intelligence Group Report (May 11, 2026), SecurityWeek, CyberScoop, CSO Online, Sophos AI Zero-Day Analysis, Dragos Industrial Cybersecurity Brief.