
World’s First AI-Built Zero-Day Exploit: Hackers Used AI to Create a 2FA Bypass — And Nearly Pulled It Off


For the first time in the history of cybersecurity, a hacker group has used an artificial intelligence model to build a working zero-day exploit from scratch — and deploy it against real targets. Google’s Threat Intelligence Group (GTIG) disclosed the finding on May 11, 2026: the exploit was a Python script that bypassed two-factor authentication (2FA) on a widely deployed open-source web admin tool, and it was designed for a mass exploitation campaign affecting potentially millions of systems.

Google’s researchers caught it before the mass campaign could launch. But the implications of what they found are seismic: AI-generated zero-days are no longer theoretical. The barrier to entry for sophisticated cyberattacks just dropped dramatically — and the industry is not ready.

What Happened: The Technical Breakdown

The exploit targeted a logic flaw in an unnamed but widely deployed open-source web admin tool. The flaw is what security researchers call a “semantic logic vulnerability” — not a buffer overflow or memory corruption bug, but a flawed assumption baked into the code: a hard-coded trust assumption that let attackers bypass the second factor of authentication entirely.

Here’s why AI excels at finding exactly this kind of vulnerability: large language models are trained on enormous amounts of code. They learn patterns, conventions, and common mistakes. A hard-coded trust assumption — the kind of subtle logical error that human code reviewers miss precisely because the code “looks right” — is exactly what an LLM can spot by analyzing code at scale across entire codebases.

GTIG researchers identified multiple telltale markers of AI-generated code in the exploit script:

  • Clean ANSI color classes (consistent with AI code formatting conventions)
  • Organized “educational” inline comments that no human attacker would bother writing
  • A fabricated CVSS score embedded in the comments — AI models sometimes generate plausible-sounding but inaccurate technical metadata
  • Detailed help menus with professional formatting
  • Unusual consistency in variable naming and code structure across the entire script

These signatures reveal something important: the attackers likely used a general-purpose AI model (possibly a jailbroken or locally hosted one) and had it generate the exploit with minimal manual editing. The AI did most of the work.

The 2FA Bypass: Why This Matters to You

Two-factor authentication is widely considered one of the most important security controls for protecting online accounts. “Enable 2FA on everything” has been security gospel for years. The idea is simple: even if an attacker steals your password, they can’t get in without your second factor — usually a code from an authenticator app or SMS.

This exploit undermines that assumption. The vulnerability in the target admin tool exploited a logic flaw in how 2FA was implemented, not in the underlying cryptography. The attacker needed valid user credentials — so 2FA wasn’t being bypassed from the outside with zero knowledge. But once those credentials were obtained (via phishing, credential stuffing, or purchase from a data broker), the 2FA layer could be skipped entirely.
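The flaw as described is a check the server should have made from its own state but made on trust. The following is an added illustration, not the disclosed exploit and not the affected tool's code: a minimal admin-login flow written two ways, one where the second factor is enforced purely from server-side session state, and one where a hard-coded trust assumption lets a request field stand in for that state. The user store, secret (the RFC 4226 test-vector key), request dicts and function names are all constructed for this example.

```python
"""Added illustration (not the disclosed exploit, not the affected tool's
code): a minimal admin-login flow in which the second factor is either
enforced from server-side session state or, in the weak variant, taken on
trust from a flag in the request. Every name, secret and request here is
constructed for the example."""
import hashlib
import hmac
import struct
from dataclasses import dataclass

# Constructed user store: a password hash and the RFC 4226 test-vector secret.
USERS = {
    "admin": {
        "pw_hash": hashlib.sha256(b"correct horse").hexdigest(),
        "totp_secret": b"12345678901234567890",
    }
}


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(secret, int(now // step))


@dataclass
class Session:
    """Server-side record; the client never writes these fields directly."""
    user: str
    password_ok: bool = False
    mfa_ok: bool = False


def login_password(sess: Session, password: str) -> bool:
    """First factor: constant-time comparison against the stored hash."""
    given = hashlib.sha256(password.encode()).hexdigest()
    if hmac.compare_digest(given, USERS[sess.user]["pw_hash"]):
        sess.password_ok = True
    return sess.password_ok


def verify_totp(sess: Session, code: str, now: float) -> bool:
    """Second factor: only the server's own check may set mfa_ok."""
    if not sess.password_ok:
        return False
    expected = totp(USERS[sess.user]["totp_secret"], now)
    if hmac.compare_digest(code, expected):
        sess.mfa_ok = True
    return sess.mfa_ok


def admin_page_weak(sess: Session, request: dict) -> int:
    """Hard-coded trust assumption: a request field is allowed to stand in
    for the server's own record of the second factor."""
    trusted = sess.mfa_ok or request.get("mfa_verified") == "true"
    return 200 if sess.password_ok and trusted else 403


def admin_page_hardened(sess: Session, request: dict) -> int:
    """Authorization is decided solely from server-side session state."""
    return 200 if sess.password_ok and sess.mfa_ok else 403


def walkthrough(now: float = 1_700_000_000.0) -> dict:
    """Run one login against both handlers and report the HTTP statuses."""
    sess = Session("admin")
    login_password(sess, "correct horse")
    results = {
        # Password only: the hardened handler refuses.
        "hardened_before_mfa": admin_page_hardened(sess, {}),
        # Password only plus a client-chosen flag: the weak handler accepts.
        "weak_with_client_flag": admin_page_weak(sess, {"mfa_verified": "true"}),
        # A seven-digit string can never equal a six-digit code, so mfa_ok stays False.
        "wrong_code_accepted": verify_totp(sess, "0000000", now),
    }
    verify_totp(sess, totp(USERS["admin"]["totp_secret"], now), now)
    results["hardened_after_mfa"] = admin_page_hardened(sess, {})
    return results


if __name__ == "__main__":
    print(walkthrough())
```

The point of the comparison is where the decision lives: in the hardened handler nothing the client sends can move the session past the second factor, and an audit of a 2FA implementation should check that every privileged route reads `mfa_ok` (or its equivalent) from the server-side session record and nowhere else.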

Google worked with the affected vendor to patch the flaw before the planned mass campaign could be executed. The patch is now available. But how many similar logic flaws exist in other widely deployed software — ones that an AI has already found but that haven’t been disclosed yet?

The Nation-State Threat: North Korea’s Industrial AI Hacking

GTIG’s disclosure wasn’t limited to a single incident. The researchers documented a broader trend: nation-state actors using AI to industrialize vulnerability research at a scale that was previously impossible.

Most alarming: APT45, North Korea’s military hacking unit, is reportedly sending “thousands of repetitive prompts” to AI models to analyze CVEs (known vulnerabilities) recursively and validate proof-of-concept exploits. They’re building an arsenal of working exploits at industrial scale — a pipeline that would be operationally impossible without AI assistance.

Chinese state-sponsored threat actors have similarly been identified using AI for vulnerability discovery. The picture that emerges is of a new asymmetry in cyber warfare: nation-states with access to AI resources can now find and weaponize vulnerabilities faster than defenders can patch them. This is precisely the threat scenario that Mandiant’s M-Trends 2026 report warned about at the start of this year.

The “Agentic AI” Abuse Multiplier

Security researchers are coining a new term for this threat category: “agentic AI abuse”. Traditional AI-assisted hacking involved using AI as a productivity tool — generating phishing emails, translating code, summarizing documentation. Agentic AI goes further: an AI agent that can autonomously browse the internet, write code, test it, iterate, and deploy attacks without human intervention at each step.

The 2FA bypass exploit represents an early example of this capability. An AI didn’t just assist in writing the exploit — it appears to have generated the core exploit logic, with the human attacker’s role limited to providing the target and reviewing the output. As agentic AI systems become more capable and accessible, this balance will shift further toward automation.

The implications extend beyond individual exploits. An AI agent capable of autonomously finding and exploiting vulnerabilities could theoretically scan entire internet address ranges, identify vulnerable systems, develop custom exploits, and deploy them — all without human intervention. The cPanel zero-day that compromised 44,000 servers required significant human effort to operationalize. The next generation of attacks may not.

How Should Defenders Respond?

The uncomfortable truth is that defense has always been harder than offense in cybersecurity, and AI is making that gap worse. Attackers need to find one flaw; defenders need to protect against all of them. AI amplifies the attacker’s research capability without equally amplifying the defender’s patching velocity.

That said, there are concrete responses organizations can take right now:

  • Prioritize semantic code review: The class of vulnerabilities AI excels at finding — logic flaws, trust assumption errors — is exactly the one traditional static analysis tools miss. Investing in AI-assisted code review for your own software is essential.
  • Harden 2FA implementations: Don’t rely on 2FA as a silver bullet. Audit how 2FA is implemented in every system you manage. Prefer hardware security keys (FIDO2/WebAuthn) over SMS or TOTP where possible — they’re resistant to phishing and to most logic-layer bypass attacks against the factor itself, although a server-side check that can be skipped outright, as in this case, defeats any factor and has to be fixed in the application.
  • Accelerate patch cadence: The window between vulnerability disclosure and exploitation is shrinking. AI-assisted exploit development means that once a patch drops, working exploits may appear within hours.
  • Deploy behavioral monitoring: Signature-based detection won’t catch novel AI-generated exploits. Behavioral anomaly detection — flagging unusual access patterns, authentication sequences, or API call patterns — is increasingly essential.
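The last item is the one that catches an exploit of this kind even when no signature exists for it: a legitimate 2FA login produces a fixed sequence of events, so a privileged action on a session that never recorded a second-factor success, or a second factor that completes faster than a person could type it, is visible in the authentication log. The following is an added example, not code from the page or from any vendor, of that sequence check run over constructed log lines; the key=value format, the event names, the two-second threshold and every session below are assumptions made for the example.

```python
"""Added example (not the page's or any vendor's code): a small detector
that replays authentication-event logs and flags sessions whose sequence
does not match a legitimate 2FA login. The log format, field names,
thresholds and every event below are constructed for the example."""
import re

# Constructed sample log, one event per line, key=value fields.
# s1: normal login.  s2: admin action with no mfa_ok event at all.
# s3: mfa_ok in the same second as password_ok.  s4: normal login.
SAMPLE_LOG = """\
ts=1700000000 event=password_ok user=alice sid=s1 ip=203.0.113.7
ts=1700000012 event=mfa_ok user=alice sid=s1 ip=203.0.113.7
ts=1700000020 event=admin_action user=alice sid=s1 ip=203.0.113.7 action=list_users
ts=1700000100 event=password_ok user=bob sid=s2 ip=198.51.100.9
ts=1700000101 event=admin_action user=bob sid=s2 ip=198.51.100.9 action=add_user
ts=1700000200 event=password_ok user=carol sid=s3 ip=192.0.2.5
ts=1700000200 event=mfa_ok user=carol sid=s3 ip=192.0.2.5
ts=1700000205 event=admin_action user=carol sid=s3 ip=192.0.2.5 action=export_config
ts=1700000300 event=password_ok user=bob sid=s4 ip=198.51.100.9
ts=1700000330 event=mfa_ok user=bob sid=s4 ip=198.51.100.9
ts=1700000340 event=admin_action user=bob sid=s4 ip=198.51.100.9 action=list_users
"""

KV = re.compile(r"(\w+)=(\S+)")
# Assumption: a person cannot read and type a TOTP code in under two seconds;
# tune this from your own baseline of legitimate logins.
MIN_MFA_SECONDS = 2


def parse_line(line: str) -> dict:
    """Turn one key=value line into a dict with an integer timestamp."""
    fields = dict(KV.findall(line))
    fields["ts"] = int(fields["ts"])
    return fields


def find_anomalies(log_text: str, min_mfa_seconds: int = MIN_MFA_SECONDS) -> list:
    """Group events by session and apply two sequence rules:
    MFA_SKIPPED  - a privileged action before any mfa_ok in the session
    MFA_TOO_FAST - mfa_ok implausibly soon after password_ok
    Returns (session id, rule) pairs in order of first appearance."""
    sessions: dict = {}
    for raw in log_text.splitlines():
        if raw.strip():
            ev = parse_line(raw)
            sessions.setdefault(ev["sid"], []).append(ev)

    findings = []
    for sid, events in sessions.items():
        pw_ts = mfa_ts = None
        for ev in events:
            if ev["event"] == "password_ok":
                pw_ts = ev["ts"]
            elif ev["event"] == "mfa_ok":
                mfa_ts = ev["ts"]
                if pw_ts is not None and mfa_ts - pw_ts < min_mfa_seconds:
                    findings.append((sid, "MFA_TOO_FAST"))
            elif ev["event"] == "admin_action" and mfa_ts is None:
                findings.append((sid, "MFA_SKIPPED"))
                break  # one verdict per session is enough for an alert
    return findings


if __name__ == "__main__":
    for sid, rule in find_anomalies(SAMPLE_LOG):
        print(f"{rule}: session {sid}")
```

Both rules depend on the application actually emitting a distinct event for second-factor success; if it only logs "login succeeded", the first thing to fix is the logging, because a skipped 2FA step is indistinguishable from a normal one in that record.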

The Bigger Picture: AI Changes Everything in Cybersecurity

Google’s disclosure of the first confirmed AI-generated zero-day marks a before-and-after moment in cybersecurity. It validates fears that security researchers have been raising for years — and provides concrete evidence that those fears were not theoretical.

The arms race is now fully two-sided: defenders are using AI to find vulnerabilities before attackers do, and attackers are using AI to find vulnerabilities before defenders patch them. The winner will be whoever can iterate faster. Right now, that advantage appears to belong to well-resourced attackers — nation-states and sophisticated criminal groups — who face no compliance burden, no responsible disclosure process, and no requirement to fix what they find.

The era of AI-powered cyber warfare has officially begun. The question is no longer whether it will happen — it’s whether the industry can adapt fast enough to survive it.

Sources: The Hacker News — First AI-built zero-day | SecurityWeek — Google detects AI zero-day | CybersecurityNews — AI zero-day details
