For the first time, Google says it has spotted and stopped a zero-day exploit developed with AI. According to a report from Google Threat Intelligence Group (GTIG), âprominent cyber crime threat actorsâ were planning to use the vulnerability for a âmass exploitation eventâ that would have allowed them to bypass two-factor authentication on an unnamed âopen-source, web-based system administration tool.â
Googleâs researchers found hints in the Python script used for the exploit that indicated help from AI, like a âhallucinated CVSS scoreâ and âstructured, textbookâ formatting consistent with LLM training data. The exploit takes advantage of âa high-level semantic logic flaw where the developer hardcoded a trust assumptionâ in the platformâs 2FA system. This follows weeks of hand-wringing over the capabilities of cybersecurity-focused AI models like Anthropicâs Mythos and a recently disclosed Linux vulnerability that was discovered with AI assistance.
Itâs the first time Google has found evidence that AI was involved in an attack like this, although Googleâs researchers note that they âdo not believe Gemini was used.â Google says it was able to âdisruptâ this particular exploit, but also says hackers are increasingly using AI to find and take advantage of security vulnerabilities. The report also mentions AI as a target for attackers, saying âGTIG has observed adversaries increasingly target the integrated components that grant AI systems their utility, such as autonomous skills and third-party data connectors.â
Googleâs report also details how hackers are using âpersona-driven jailbreakingâ to get AI to find security vulnerabilities for them, like an example prompt that instructs the AI to pretend itâs a security expert. Hackers are also feeding AI models whole repositories of vulnerability data and using OpenClaw in ways that suggest âan interest in refining AI-generated payloads within controlled settings to increase exploit reliability prior to deployment.â
Read the full article here
