Google’s Threat Intelligence Group said on May 12 that it disrupted a planned mass exploitation campaign after identifying what it assesses with high confidence to be the first zero-day exploit built by criminal hackers using artificial intelligence.
The criminal group built the exploit as a Python script targeting a two-factor authentication (2FA) bypass in a popular open-source, web-based system administration tool. Google Threat Intelligence Group (GTIG) coordinated with the affected vendor to patch the flaw before the campaign could be executed.
“The criminal threat actor planned to use it in a mass exploitation event but our proactive counter discovery may have prevented its use,” GTIG stated in its report.
The flaw was a semantic logic error, a hardcoded trust assumption contradicting the application’s authentication enforcement. GTIG said frontier large language models (LLMs) excel at surfacing this class of flaw by reasoning through developer intent rather than analyzing crash signatures.
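To illustrate this class of flaw from a defender's side, the following added example (not code from the GTIG report or the affected tool) checks a login handler against its stated 2FA policy by enumerating every input combination. The loopback trust rule, the handler names and the sample addresses are constructed assumptions; the actual flaw is not described here.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class LoginAttempt:
    password_ok: bool
    otp_ok: bool
    remote_addr: str  # constructed sample attribute


# Constructed sample inputs: loopback and a documentation-range address.
SAMPLE_ADDRS = ("127.0.0.1", "203.0.113.7")


def login_flawed(a: LoginAttempt) -> bool:
    """Hypothetical handler with a hardcoded trust assumption."""
    if not a.password_ok:
        return False
    if a.remote_addr == "127.0.0.1":  # "local callers are already trusted"
        return True                   # contradicts the 2FA policy
    return a.otp_ok


def login_hardened(a: LoginAttempt) -> bool:
    """Both factors are required on every path, whatever the caller's context."""
    return a.password_ok and a.otp_ok


def policy_violations(handler) -> list[LoginAttempt]:
    """Return every attempt that gets a session without both factors,
    i.e. every place where the code contradicts the stated policy."""
    violations = []
    for pw, otp, addr in product((True, False), (True, False), SAMPLE_ADDRS):
        attempt = LoginAttempt(pw, otp, addr)
        if handler(attempt) and not (pw and otp):
            violations.append(attempt)
    return violations


if __name__ == "__main__":
    for name, fn in (("flawed", login_flawed), ("hardened", login_hardened)):
        print(name, policy_violations(fn))
```

Nothing crashes in the flawed handler, which is why a check of the policy invariant finds it where fuzzing for crash signatures would not.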
The script’s structure pointed to LLM generation, including a hallucinated Common Vulnerability Scoring System (CVSS) score, educational docstrings, and textbook Pythonic formatting. GTIG said it does not believe its Gemini model was used.
The report also detailed previously unreported capabilities in PROMPTSPY, an Android backdoor ESET first identified in February 2026 that abuses Google’s Gemini application programming interface (API) to operate autonomously on compromised devices.
GTIG found the backdoor’s “GeminiAutomationAgent” module serializes a device’s user interface into XML, sending it to the gemini-2.5-flash-lite model for gesture commands including CLICK and SWIPE.
PROMPTSPY can also capture biometric lock screen data and block uninstallation by rendering an invisible overlay over the device’s Uninstall button.
GTIG’s report confirmed that Big Sleep, an AI vulnerability-scanning agent developed with Google DeepMind, assisted in detecting the criminal group’s exploit before deployment. It marks the first documented instance of an AI-built exploit being interdicted by a separate AI system.







