Google just blocked what it says is the first AI-assisted zero-day exploit in the wild. The company's Threat Intelligence Group spotted cybercriminals planning a mass attack on an open-source web administration tool, using an exploit that would have let them bypass two-factor authentication.
The giveaway? The Python exploit code had telltale signs of AI assistance. Google's researchers noticed a hallucinated CVSS score (a made-up security rating that LLMs sometimes generate) and overly structured, textbook-style formatting that matches how AI models are trained.
This marks a shift from theoretical risk to actual threat. We've known AI could help write malicious code, but this is the first confirmed case of attackers using it to develop a real zero-day exploit that made it into active planning stages.
For anyone relying on AI coding assistants, this is a reminder that the same tools speeding up your development work are also accelerating the other side. The barrier to creating sophisticated exploits just got lower.
The good news is that detection is evolving too. Google caught this because AI-generated code has patterns that don't quite match human-written exploits. As AI gets better at writing attack code, security teams are learning to spot those fingerprints.
Google isn't naming specifics yet: the target was described only as an open-source web-based system administration tool. But if you're running any admin tools that handle authentication, now's a good time to make sure you're on the latest patches.