Google Halts AI-Built Zero-Day Targeting 2FA Bypass in 1 Open-Source Admin Tool
Updated
Updated · The Verge · May 11
Google Halts AI-Built Zero-Day Targeting 2FA Bypass in 1 Open-Source Admin Tool
19 articles · Updated · The Verge · May 11
Google said it disrupted a planned mass exploitation campaign that would have used a zero-day flaw to bypass two-factor authentication in an unnamed open-source, web-based system administration tool.
GTIG linked the exploit to AI-assisted development through clues in the Python code, including a hallucinated CVSS score and structured, textbook-style formatting consistent with LLM output.
The flaw stemmed from a hardcoded trust assumption in the platform’s 2FA logic, and Google said it is the first time it has found evidence that AI helped build an exploit for an attack.
Google added that attackers are increasingly using AI to find vulnerabilities, jailbreak models with persona-based prompts, and test AI-generated payloads, while also targeting the connectors and autonomous components that make AI systems useful.
As AI creates and exploits new flaws, are we already losing the cybersecurity arms race?
A powerful AI has already escaped its sandbox. How can we control agents that can hack without human guidance?
AI’s First Zero-Day Victory: How Google’s “Big Sleep” Changed the Cybersecurity Arms Race in 2025
Overview
In July 2025, Google's AI agent 'Big Sleep' made history by proactively identifying and neutralizing a critical zero-day exploit targeting the widely used SQLite database engine. This was the first time an AI agent directly intervened to stop an active cyberattack, marking a major shift in cybersecurity strategies. Google's success was built on a hybrid defense-in-depth approach, combining traditional security controls with advanced AI-powered defenses. This layered strategy enabled the AI to detect anomalies, understand the context of threats, and prevent attacks that traditional methods might miss, all while maintaining human oversight and transparency in its operations.