Google AI Agent Stops First AI-Built Zero-Day Exploit

Google's Threat Intelligence Group has disrupted a planned mass exploitation campaign. They identified what they believe is the first zero-day exploit built by criminal hackers using artificial intelligence. This criminal group created a Python script targeting a two-factor authentication bypass in a popular system administration tool. Google's team worked with the vendor to patch the flaw before it could be used. This exploit was set for a mass exploitation event, but proactive discovery may have prevented its use. The flaw was a semantic logic error, which frontier large language models are good at finding. The script's structure suggested it was generated by an LLM, including a hallucinated CVSS score. The report also detailed new capabilities in PROMPTSPY, an Android backdoor identified by ESET. This backdoor abuses Google's Gemini API to operate autonomously on compromised devices. It can capture biometric lock screen data and block uninstallation. What's interesting is that Big Sleep, an AI vulnerability-scanning agent, helped detect the criminal group's exploit before deployment. This is the first time an AI-built exploit has been stopped by another AI system. This shows how AI is becoming a key player in cybersecurity, both for offense and defense.