Google’s Threat Intelligence Group (GTIG) caught a criminal hacking crew using an AI-built zero-day exploit live in the wild for the first time, neutralizing a planned mass attack before it could trigger.
The finding sits within a wider report showing that attackers now weave large language models into every stage of an intrusion. Defenders are racing to deploy their own AI hunters across the same fight.
How the AI Zero-Day Exploit Worked
The malicious code, written in Python, bypassed two-factor authentication (2FA) on a popular open-source system administration tool. Google has not named the affected vendor.
Several signals pointed to a large language model as the author. The script carried tutorial-style docstrings and a fabricated Common Vulnerability Scoring System (CVSS) score, a metric no human researcher would invent.
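As an added illustration, not GTIG's tooling or anything from the report, the following Python triage script scores a file for the two tells described above: tutorial-style docstrings on every function and a self-reported CVSS score with no CVE identifier behind it. The regexes, thresholds and the sample script it scores are assumptions constructed for this example.

```python
import ast
import io
import re
import tokenize

# Constructed heuristics for the two tells: a self-reported CVSS score and tutorial-style docstrings
CVSS_SCORE = re.compile(
    r"\bCVSS(?:\s*v?\d(?:\.\d)?)?\s*(?:score\s*)?[:=]\s*(\d{1,2}(?:\.\d)?)(?![/\d])", re.I)
CVE_ID = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
DEFS = (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef)


def score_llm_authorship(source: str) -> dict:
    """Return authorship signals for one Python script (raises SyntaxError if it is not Python)."""
    tree = ast.parse(source)
    defs = [n for n in ast.walk(tree) if isinstance(n, DEFS)]
    docs = [d for d in (ast.get_docstring(n) for n in defs) if d]
    docstring_ratio = len(docs) / len(defs) if defs else 0.0
    mean_doc_words = sum(len(d.split()) for d in docs) / len(docs) if docs else 0.0
    # A fabricated score lives in prose (module docstring, docstrings, comments), not in code
    prose = [ast.get_docstring(tree) or "", *docs]
    prose += [t.string for t in tokenize.generate_tokens(io.StringIO(source).readline)
              if t.type == tokenize.COMMENT]
    cvss_scores = [float(s) for s in CVSS_SCORE.findall("\n".join(prose)) if float(s) <= 10]
    has_cve = bool(CVE_ID.search(source))
    # A severity score with no CVE to attach it to is the "invented metric" tell
    fabricated_cvss = bool(cvss_scores) and not has_cve
    tutorial_docstrings = docstring_ratio >= 0.8 and mean_doc_words >= 15
    return {
        "docstring_ratio": round(docstring_ratio, 2),
        "mean_doc_words": round(mean_doc_words, 1),
        "cvss_scores": cvss_scores,
        "has_cve": has_cve,
        "fabricated_cvss": fabricated_cvss,
        "tutorial_docstrings": tutorial_docstrings,
        "suspect": fabricated_cvss or tutorial_docstrings,
    }


# Constructed sample: every function carries a step-by-step docstring and the module header
# reports a severity score without any CVE identifier behind it
SAMPLE_SCRIPT = '''"""Configuration audit helper. Reported severity: CVSS Score: 9.8 (Critical)."""
def load_config(path):
    """Step 1: Read the configuration file from disk and return its lines so that the
    following check has something to validate, as shown in this worked example."""
    with open(path) as fh:
        return fh.readlines()
def check_settings(lines):
    """Step 2: Return True when every line is non-empty, which illustrates the validation
    step that a later stage would extend with real policy rules."""
    return all(line.strip() for line in lines)
'''
```

Calling `score_llm_authorship(SAMPLE_SCRIPT)` flags the sample on both tells; the check is a triage prior for an analyst, not a classifier on its own.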
Google said its own Gemini model was not used. GTIG chief analyst John Hultquist warned that subtler AI-assisted intrusions may already be in motion undetected.
“Each new generation of models will reduce the need for expert-developed harnesses, but they are almost certainly out there. We have to recognize the limits of our visibility into the backend of spies and criminals. The signs won’t be obvious. The race has started already,” he said.
Defenders Push Back
The same report flagged the Russian-linked malware families PROMPTFLUX and PROMPTSPY, the latter an Android backdoor that queries Gemini in real time to plan its next action.
State-linked Chinese and North Korean operations are training private models on an 85,000-vulnerability dataset.
Google countered with Big Sleep, an AI agent that hunts zero-days before attackers can find them, and CodeMender, an automated patching system. Big Sleep has already closed a flaw that hackers were preparing to weaponize.
Why Crypto Should Watch
The gap between attack and defense is sharpening. Binance Research recently found that AI agents are twice as effective at exploiting smart contracts as they are at detecting threats.
Earlier reporting flagged how Google AI tools can help scammers drain wallets, and a fresh Chrome flaw recently exposed private keys.
Against this backdrop, exchanges are deploying their own AI shields, but the bar keeps climbing.
With both sides now fielding autonomous agents, the next zero-day may surface from a machine on either bench.
The post Google Catches First AI Zero-Day Exploit: A Warning Shot for Crypto Security? appeared first on BeInCrypto.