Google’s Threat Intelligence Group reported that a frontier AI system discovered a two‑factor authentication bypass, turned it into a working exploit and used it in the wild.
In May the team confirmed the first known case of an AI‑generated zero‑day being weaponised. A criminal actor fed the model a target, received a working bypass and deployed it before defenders knew the flaw existed. The same model class, which has already identified roughly 10,000 vulnerabilities, is now being duplicated by actors in China, according to the report.
The episode shows that AI can move from research aid to active threat driver without human code review. It also means nation‑state actors can shortcut their own vulnerability‑research pipelines by stealing proven models, raising the bar for defensive readiness.
If the same tools that help find bugs can be repurposed overnight, defenders may need to treat AI models as both a resource and a weapon.