Google reported the identification of a zero-day exploit believed to have been crafted with an artificial intelligence system, revealing a significant advancement in malicious vulnerability discovery. This marked a notable instance of AI being utilized in the wild for exploit generation, attributed to a collaborative effort among cybercriminals. The Google Threat Intelligence Group (GTIG) detailed that the exploit allows users to bypass two-factor authentication (2FA) on a widely used web-based system administration tool.
The exact name of the tool remains undisclosed, but Google has communicated with the relevant vendor to ensure the flaw is addressed responsibly. The vulnerability is rooted in a semantic logic flaw due to a hard-coded trust assumption, which AI models are particularly adept at identifying. The Python script associated with this exploit demonstrates characteristics typical of code generated by large language models, including extensive educational docstrings and a structured format.
Ryan Dewhurst, Head of Threat Intelligence at watchTowr, emphasized the accelerating pace of vulnerability discovery and exploitation due to AI's influence. He noted that the timelines for identifying and weaponizing flaws have been shrinking, highlighting the urgent need for defenders to adapt to the evolving threat landscape.