
For years, the security community warned that AI would eventually help attackers find vulnerabilities faster than defenders could patch them. On May 11, 2026, Google’s Threat Intelligence Group confirmed it has started. A cybercrime group used AI to build a working zero-day exploit — a 2FA bypass targeting a popular open-source web administration tool — and nearly deployed it in a mass exploitation campaign. Google caught it first. But the details of how it was built tell a more unsettling story than the attack itself.
What the Exploit Actually Did
The attack was a Python script that bypassed two-factor authentication by exploiting a hardcoded trust exception buried in the tool’s login flow. Not a memory safety bug. Not missing input validation. A semantic logic flaw: a developer once wrote a condition that said “trust this” in a context where nothing else in the authentication flow agreed. The code was syntactically valid, static analysis tools passed it without a flag, and the application behaved normally in testing.
The model found it because it reads code differently from a scanner. SAST tools pattern-match known vulnerability signatures; a large language model can be asked to reason about developer intent, comparing what one part of the codebase says against what another part enforces and spotting contradictions that require understanding rather than scanning. Google’s Threat Intelligence Group described the flaw as “a dormant logic error that appears functionally correct to traditional scanners but is strategically broken from a security perspective.” The criminal group planned mass exploitation; a patch shipped before the campaign launched.
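To make the class of bug concrete, here is a constructed Python sketch of a two-factor login with a hardcoded trust exception of the kind described, beside a fail-closed rewrite. This is added example code, not the administration tool GTIG described or the attacker’s script; the header name, the network prefix and the account data are hypothetical. Note that a 2FA bypass presupposes the attacker already holds a valid password, which is what makes the skipped second factor decisive.

```python
"""
Constructed illustration of the vulnerability class described above: a
two-factor login flow with a hardcoded trust exception that skips the
second factor. Added example code, not the administration tool GTIG
described or the attacker's script; the header name, network prefix and
account data are all hypothetical.
"""
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical user store. Production code hashes passwords and derives
# TOTP codes from a shared secret and the clock; plain strings keep the
# example short and the comparison logic visible.
USERS = {"admin": {"password": "correct-horse", "totp": "492817"}}

# Hypothetical leftover from a migration: consoles on this prefix once
# authenticated through a separate gateway, so TOTP was waived for them.
LEGACY_TRUSTED_PREFIX = "10.0.0."


@dataclass
class LoginRequest:
    username: str
    password: str
    totp: Optional[str]
    remote_addr: str
    headers: dict = field(default_factory=dict)


def _password_ok(user: dict, password: str) -> bool:
    # Constant-time comparison; stands in for a password-hash verify.
    return hmac.compare_digest(user["password"], password)


def vulnerable_login(req: LoginRequest) -> bool:
    """Password check, then a trust exception that silently skips TOTP."""
    user = USERS.get(req.username)
    if user is None or not _password_ok(user, req.password):
        return False
    # The trust exception. Nothing else in the flow agrees with it: every
    # account is assumed to complete TOTP, yet this branch grants access on
    # a client-controlled header or a spoofable source address without
    # looking at the second factor. An attacker holding a stolen or
    # guessed password needs nothing more.
    if (req.headers.get("X-Internal-Console") == "1"
            or req.remote_addr.startswith(LEGACY_TRUSTED_PREFIX)):
        return True
    if req.totp is None:
        return False
    return hmac.compare_digest(user["totp"], req.totp)


def hardened_login(req: LoginRequest) -> bool:
    """Same flow, fail-closed: no path reaches success without a valid TOTP."""
    user = USERS.get(req.username)
    if user is None or not _password_ok(user, req.password):
        return False
    # A missing, empty or malformed second factor is a denial, never a
    # pass-through. There is no condition under which TOTP is waived.
    if not req.totp or len(req.totp) != 6 or not req.totp.isdigit():
        return False
    return hmac.compare_digest(user["totp"], req.totp)


def compare_flows() -> dict:
    """Run a legitimate login and two bypass attempts through both flows."""
    legit = LoginRequest("admin", "correct-horse", "492817", "203.0.113.7")
    header_bypass = LoginRequest("admin", "correct-horse", None, "203.0.113.7",
                                 headers={"X-Internal-Console": "1"})
    prefix_bypass = LoginRequest("admin", "correct-horse", None, "10.0.0.42")
    attempts = (legit, header_bypass, prefix_bypass)
    return {
        "vulnerable": [vulnerable_login(r) for r in attempts],
        "hardened": [hardened_login(r) for r in attempts],
    }


if __name__ == "__main__":
    print(compare_flows())
```

Both bypass attempts succeed against the vulnerable flow with no TOTP at all; the hardened flow rejects them and still accepts the legitimate login. The point of the side-by-side is that the bad branch is syntactically unremarkable: a signature-based scanner has nothing to match, and only reading the branch against the rest of the flow reveals that it contradicts the policy every other line enforces.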
How Google Knew AI Built It
The exploit code gave itself away in three ways. First, it contained educational docstrings, detailed comments explaining what each section does. Experienced attackers rarely document their tools this way. Second, it used clean, textbook Pythonic structure with readable variable names, where human-written exploit code tends to be terse and is often deliberately obfuscated. Third, and most telling, the script included a fabricated CVSS severity score for the vulnerability it exploited.
The vulnerability had never been disclosed. It had no CVE. It had no official score. The AI invented one anyway, following the documentation patterns it learned from training data about how exploit research is typically written. The attacker’s LLM was working in “security researcher mode” and added realistic-looking metadata to a vulnerability that didn’t yet officially exist. GTIG’s report notes that future AI-generated exploits may lack these fingerprints entirely as attackers refine their prompting — which means the detection advantage defenders currently have has an expiration date.
Why Your Auth Code Is Now a Target
Semantic logic flaws are not new. They have always been the hardest class of vulnerability to find because they require reading intent, not just code. Security audits miss them. Automated scanners miss them. Penetration testers miss them when they only run tools. What has changed is that AI can now find them systematically, at scale, across an entire codebase, in minutes.
This makes every hardcoded trust assumption in production code a potential attack surface. The “if admin, skip check” pattern. The legacy bypass condition left in from a migration. The test-environment flag that never got removed. AI reads all of it, correlates it across files, and asks the question your scanner never did: does this condition agree with everything else in the authentication logic?
What to Do Right Now
This is not a theoretical future risk. The practical response is straightforward:
- Audit your authentication flows for hardcoded trust exceptions. Search for identifiers and conditions such as skip_auth, bypass, trust_local, admin_override, or any conditional that short-circuits your MFA or 2FA enforcement, and include header checks, IP allowlists and environment flags (DEBUG, TESTING) that gate the login path. If a branch doesn’t have a documented, reviewed reason to exist, remove it.
- Use AI-assisted code review on your auth stack. The same capability attackers are using is available defensively. GitHub Advanced Security, Snyk Code, and similar products now include AI-assisted review aimed at semantic issues that traditional scanners miss. Run them specifically on authentication and authorization logic, and treat their output as review leads for a human to verify rather than as verdicts.
- Default to fail-closed authentication. Any auth check that is ambiguous or encounters an unexpected condition should deny access, not grant it. Fail-open defaults are how trust exceptions become zero-days.
- Treat open-source admin tools as high-risk attack surface. Web administration tools are widely deployed, often managed by small teams, and written by many contributors — exactly the conditions that produce semantic inconsistencies. Keep them patched and monitor their security advisories closely.
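The audit step in the list above can go further than a text search. The following is an added example, not tooling from GTIG or from the vendors named above: it parses Python authentication code into an AST and reports every `if` whose condition mentions a trust-exception-looking name, attribute or string literal and whose body returns `True`, so that deny branches using the same words are not flagged. The sample login module it scans is constructed for the demonstration, and the pattern list is a starting point to extend for your own codebase, not a complete one.

```python
"""
Added example: a small AST-based audit for hardcoded trust exceptions in
Python authentication code. It is not the tooling GTIG or the vendors
named in the article ship. The sample module below is constructed for
the demonstration, and the pattern list is a starting point, not a
complete one.
"""
import ast
import re
import textwrap

# Identifiers and string fragments that commonly mark a shortcut around
# authentication. Case-insensitive; substring match on names, attributes
# and string literals that appear in an `if` condition.
TRUST_EXCEPTION_PATTERNS = re.compile(
    r"skip_auth|skip_mfa|skip_2fa|bypass|trust_local|trusted|admin_override"
    r"|internal|debug|testing|legacy|no_mfa",
    re.IGNORECASE,
)


def _tokens_in(expr: ast.AST) -> list:
    """Collect names, attribute names and string literals inside an expression."""
    tokens = []
    for sub in ast.walk(expr):
        if isinstance(sub, ast.Name):
            tokens.append(sub.id)
        elif isinstance(sub, ast.Attribute):
            tokens.append(sub.attr)
        elif isinstance(sub, ast.Constant) and isinstance(sub.value, str):
            tokens.append(sub.value)
    return tokens


def _grants_access(body: list) -> bool:
    """True when the branch returns the literal True at its top level.

    A branch that grants access is what turns a suspicious condition into
    a bypass; a branch that denies (`return False`, raise) is the normal
    fail-closed shape and is not reported.
    """
    for stmt in body:
        if (isinstance(stmt, ast.Return)
                and isinstance(stmt.value, ast.Constant)
                and stmt.value.value is True):
            return True
    return False


def find_trust_exceptions(source: str) -> list:
    """Return (line, matched tokens) for every `if` whose condition looks
    like a trust exception and whose body grants access."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.If):
            continue
        matched = sorted({t for t in _tokens_in(node.test)
                          if TRUST_EXCEPTION_PATTERNS.search(t)})
        if matched and _grants_access(node.body):
            findings.append((node.lineno, matched))
    return sorted(findings)


# Constructed sample: a login function with two trust exceptions of the
# kind the article describes, plus the legitimate checks around them.
SAMPLE_AUTH_MODULE = textwrap.dedent('''
    def verify_login(user, password, totp_code, request):
        if not check_password(user, password):
            return False
        if request.headers.get("X-Internal-Console") == "1":
            return True  # legacy console shortcut, never removed
        if settings.TESTING and user.is_admin:
            return True
        if not totp_code:
            return False
        return verify_totp(user, totp_code)
''')


if __name__ == "__main__":
    for line, tokens in find_trust_exceptions(SAMPLE_AUTH_MODULE):
        print(f"line {line}: access granted on {', '.join(tokens)}")
```

Run against the sample, it reports the header shortcut and the TESTING branch and stays quiet on the password and TOTP checks, because those deny rather than grant. The filter on the branch body is what keeps the false-positive rate tolerable; a plain grep for the same words would flag every legitimate `if not trusted: return False` as well. Point it at your real auth modules and review each hit against the question the article poses: does this condition agree with everything else in the authentication logic?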
The Bigger Picture
The same AI tools available to your security team are available to attackers. Nation-state groups are already using LLMs at scale to accelerate vulnerability research — scanning CVE databases, validating proof-of-concept exploits, and identifying patterns across open-source codebases. GTIG’s warning is direct: AI will remove the bottleneck of limited human vulnerability researchers, enabling scalable discovery of exploitable flaws across widely deployed software.
The first AI-built zero-day was caught. The second one may not have educational docstrings and a hallucinated CVSS score to give it away. The time to audit your authentication code is before the next one ships. BleepingComputer has the full timeline of the responsible disclosure and patch process if you need the operational details.