Criminals Use AI to Build First Zero-Day Exploit

Google's Threat Intelligence Group has confirmed the first known case of criminal hackers using AI to develop a working zero-day exploit. The group built a Python-based tool targeting a two-factor authentication bypass in a popular open-source admin platform, though implementation errors prevented successful mass exploitation. Google disclosed the flaw and a patch has been issued. The report reveals a broader trend of state-backed and criminal groups using AI across cyberattack operations. North Korean, Chinese and Russian actors are leveraging AI to accelerate malware development, probe vulnerabilities and run influence campaigns, including AI voice cloning to impersonate journalists in fabricated videos.