Google's Threat Intelligence Group has documented what it describes as the first confirmed instance of threat actors leveraging artificial intelligence to engineer a zero-day exploit, marking a significant escalation in how AI is being weaponized for cyberattacks. The exploit successfully circumvented multi-factor authentication protections in a web-based administrative tool.
According to the report, attackers used AI systems to assist in discovering and developing the exploit code targeting a previously unknown vulnerability. The bypass allowed unauthorized access to administrative interfaces despite MFA being enabled, undermining one of the most widely recommended security controls for protecting privileged accounts.
This finding represents a notable shift in the threat landscape. While security researchers and defenders have warned for years that generative AI could lower the barrier to producing sophisticated malware, most documented cases until now have involved AI being used for phishing content, social engineering scripts, or refinement of existing malicious code rather than original vulnerability research and exploit development.
The report underscores growing concerns that AI tools are accelerating the offensive capabilities of threat actors, potentially compressing the timeline between vulnerability discovery and weaponization. Organizations relying on MFA as a primary defense layer may need to revisit their security architecture, layering in additional controls such as phishing-resistant authentication methods, behavioral analytics, and stricter access policies for administrative tools.
