Google Stops AI-Assisted 2FA Bypass Exploit

Google said it disrupted a cyberattack in which hackers used artificial intelligence to help identify and weaponize a zero-day flaw that could bypass two-factor authentication after valid credentials were obtained.

The Google Threat Intelligence Group said the attempted exploit targeted a widely used open-source, web-based system administration tool. Google did not publicly name the affected tool or vendor, but said the flaw has since been fixed.

Zero-Day Targeted Unnamed Admin Tool After Credential Theft

The exploit centered on a logic flaw tied to hardcoded trust assumptions inside the administration tool.

Google said the weakness could have let attackers bypass 2FA protections once they already had valid login credentials. That means the flaw did not remove the need for stolen or compromised credentials, but it could have helped attackers get past the extra authentication step.

The attack was stopped before it could be deployed at scale. Google described the case as an early sign of how AI is being used in offensive cyber operations.

Hallucinated CVSS Score Flagged Possible AI Use

GTIG said the exploit script showed signs that it had been developed with help from a large language model.

Those signs reportedly included a hallucinated CVSS score and formatting that looked closer to training-data output than normal exploit code.

Google said there is no sign that its Gemini model was used. The broader concern is that attackers are using AI tools to speed up vulnerability research, exploit development and attack planning.

Google Says AI Speeds Exploit Development

Google said criminal groups and state-linked actors are beginning to automate parts of cyber operations with AI.

That includes vulnerability discovery, malicious code generation and tactical planning. Google said skilled attackers still matter, but AI can make parts of the attack process faster and easier to repeat.

The case shows how quickly a flaw can move from discovery to a working exploit when attackers use AI-assisted tooling.

Crypto Firms Face 2FA Infrastructure Risk

The incident was not crypto-specific, but it matters for exchanges, custodians, DeFi teams and wallet providers that rely on similar administrative tools, dashboards and identity systems.

A 2FA bypass on an internal system could become a route into signing infrastructure, cloud accounts, developer environments, customer data or treasury systems.

For crypto firms, the risk is severe because access breaches can quickly become irreversible asset losses.

Google’s immediate message is that defenders need to patch exposed administration tools, review 2FA assumptions and monitor unusual login behavior. The case shows AI-assisted exploitation is no longer theoretical, even if this specific attack was stopped before broad deployment.
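One way to act on the "monitor unusual login behavior" advice is to check that every session on an administration tool was preceded by a successful second-factor event. The sketch below is an added example, not code from Google or from the affected tool; the log format, field names and event names are assumptions, and the sample lines are constructed.

```python
import re
from datetime import datetime

# Constructed sample log. Field and event names are assumptions,
# not the format of any real administration tool.
SAMPLE_LOG = """\
2025-01-10T09:00:01Z user=alice ip=198.51.100.7 sid=a1 event=password_ok
2025-01-10T09:00:09Z user=alice ip=198.51.100.7 sid=a1 event=mfa_ok
2025-01-10T09:00:10Z user=alice ip=198.51.100.7 sid=a1 event=session_start
2025-01-10T09:05:00Z user=bob ip=203.0.113.44 sid=b7 event=password_ok
2025-01-10T09:05:01Z user=bob ip=203.0.113.44 sid=b7 event=session_start
2025-01-10T09:07:00Z user=carol ip=192.0.2.10 sid=c3 event=password_ok
2025-01-10T09:07:02Z user=carol ip=192.0.2.10 sid=c3 event=mfa_failed
2025-01-10T09:09:00Z user=dave ip=192.0.2.77 sid=d9 event=password_ok
2025-01-10T09:09:01Z user=dave ip=192.0.2.77 sid=d9 event=session_start
2025-01-10T09:09:40Z user=dave ip=192.0.2.77 sid=d9 event=mfa_ok
"""

LINE_RE = re.compile(r"^(\S+) user=(\S+) ip=(\S+) sid=(\S+) event=(\S+)$")

def parse(log_text):
    """Parse log lines into event dicts, ordered by timestamp."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore malformed or unrelated lines
        ts, user, ip, sid, event = m.groups()
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
        events.append({"ts": when, "user": user, "ip": ip,
                       "sid": sid, "event": event})
    return sorted(events, key=lambda e: e["ts"])

def sessions_without_mfa(events):
    """Return sessions that started before any mfa_ok was seen for that sid."""
    mfa_done = set()
    findings = []
    for e in events:
        if e["event"] == "mfa_ok":
            mfa_done.add(e["sid"])
        elif e["event"] == "session_start" and e["sid"] not in mfa_done:
            # Order matters: an mfa_ok logged later does not clear the session.
            findings.append((e["sid"], e["user"], e["ip"], e["ts"].isoformat()))
    return findings

if __name__ == "__main__":
    for finding in sessions_without_mfa(parse(SAMPLE_LOG)):
        print("ALERT session started without 2FA:", finding)
```
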

Fhumulani Lukoto Cryptocurrency Journalist