Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons

Social Media

Hackers News Hackers News
  • CyberSecurity News
  • Threats
  • Attacks
  • Vulnerabilities
  • Breaches
  • Comparisons
Search the Site
Popular Searches:
technology Amazon AI
Recent Posts
PentestCode AI Agent Automates Pen Testing with 18 Specialized Tools
July 17, 2026
AWS Cost Explorer Bug Exposes Trillion-Dollar Billing Estimates
July 17, 2026
Critical Windows LegacyHive 0-Day Lets Attackers Gain Admin Access
July 17, 2026
Home/CyberSecurity News/Google Warns of AI-Generated Zero-Day Exploit in Real Attacks
CyberSecurity News

Google Warns of AI-Generated Zero-Day Exploit in Real Attacks

Key Takeaways Google’s Threat Intelligence Group (GTIG) has reported a significant increase in the use of generative AI by threat actors for various malicious activities, including zero-day...

Marcus Rodriguez
Marcus Rodriguez
May 11, 2026 5 Min Read
54 0

Key Takeaways

  • Google’s Threat Intelligence Group (GTIG) has reported a significant increase in the use of generative AI by threat actors for various malicious activities, including zero-day exploit development and advanced malware creation.
  • A cybercrime syndicate successfully used AI to generate a zero-day exploit in Python, targeting a popular open-source web administration tool to bypass two-factor authentication.
  • State-sponsored groups from China (PRC) and North Korea (DPRK) are systematically leveraging AI for vulnerability discovery and exploit validation, demonstrating enhanced operational efficiency.
  • A new Android malware, PROMPTSPY, integrates Google’s Gemini API to autonomously navigate victim devices, capture biometric data, and evade detection.
  • Organizations must urgently audit CI/CD pipelines, GitHub tokens, and AI dependency chains, as LLM-integrated environments are becoming prime targets for sophisticated adversaries.

AI Revolutionizes Cyberattacks: From Zero-Days to Autonomous Malware

Google’s Threat Intelligence Group (GTIG) has issued a stark warning regarding the escalating “industrialization” of generative artificial intelligence by malicious actors. Their latest report details a worrying evolution in cyber threat capabilities, demonstrating AI’s profound impact on the development and deployment of sophisticated attacks.

Table Of Content

  • Key Takeaways
  • AI Revolutionizes Cyberattacks: From Zero-Days to Autonomous Malware
  • AI-Generated Zero-Day Exploit Uncovered
  • State-Sponsored Actors Harness AI for Vulnerability Discovery
  • PROMPTSPY: Autonomous Android Malware Powered by Gemini
  • AI-Enabled Obfuscation and Evasion Tactics
  • Professionalized AI Middleware Ecosystems
  • Google’s Defensive AI Initiatives
  • What You Should Do

AI-Generated Zero-Day Exploit Uncovered

Among the most alarming discoveries is the revelation that a cybercriminal organization successfully created a fully functional zero-day exploit with significant assistance from AI. This Python-based exploit was specifically engineered to circumvent two-factor authentication (2FA) in a widely used open-source web administration tool.

According to GTIG’s Q2 2026 intelligence, these cybercriminals had coordinated efforts to launch a large-scale exploitation campaign against the popular open-source system. Analysis of the Python script, designed to bypass 2FA, strongly indicated its AI origins.

Indicators pointing to AI generation included an unusual abundance of educational docstrings, a fabricated CVSS score, and a remarkably clean, “textbook Pythonic” code structure—all hallmarks of outputs from large language model (LLM) training. Google’s GTIG team responsibly disclosed the vulnerability to the affected vendor and successfully disrupted the planned operation before it could be executed broadly.

The vulnerability itself was not a typical memory corruption or input sanitization flaw. Instead, it represented a high-level semantic logic vulnerability: a hardcoded trust assumption embedded within the 2FA enforcement logic. Such sophisticated logical flaws are often overlooked by conventional static application security testing (SAST) tools and fuzzers, but frontier LLMs are uniquely adept at identifying these types of high-level logical weaknesses.

State-Sponsored Actors Harness AI for Vulnerability Discovery

Beyond cybercrime syndicates, GTIG has observed nation-state threat actors, particularly those affiliated with the People’s Republic of China (PRC) and the Democratic People’s Republic of Korea (DPRK), systematically leveraging AI to uncover vulnerabilities at scale. As detailed in a GTIG blog post, these groups are employing advanced AI techniques.

  • UNC2814: This group utilized “persona-driven” jailbreaking techniques, prompting Google’s Gemini AI to simulate a senior C/C++ binary security expert. This approach allowed them to probe TP-Link firmware and OFTP implementations effectively.
  • APT45: This actor took AI exploitation further, deploying thousands of automated, repetitive prompts to recursively analyze known CVEs and validate proof-of-concept exploits. This strategy created an AI-augmented arsenal that would be operationally unfeasible without AI assistance.
  • APT27: A PRC-linked actor, APT27, was observed using Gemini to accelerate the development of an operational relay box (ORB) network fleet management application. This application included hardcoded elements like “maxHops=3” and specific mobile device types, designed to obfuscate the origins of intrusions.

PROMPTSPY: Autonomous Android Malware Powered by Gemini

One of the most concerning revelations in the report is PROMPTSPY, an Android backdoor initially identified by ESET. This malware uniquely integrates Google’s Gemini API directly into its execution flow.

PROMPTSPY’s “GeminiAutomationAgent” module functions by serializing the visible UI hierarchy of a compromised device into XML. This data is then sent to Gemini’s gemini-2.5-flash-lite model, which returns structured JSON commands. These commands, including CLICK and SWIPE gestures, enable the malware to autonomously navigate the victim’s device without any human interaction. The malware also possesses capabilities to capture biometric data, deploy invisible overlays to prevent uninstallation, and dynamically rotate its command-and-control (C2) infrastructure and Gemini API keys at runtime to evade defensive measures. Google has since deactivated all assets associated with PROMPTSPY, and no infected applications have been found on the Google Play Store.

AI-Enabled Obfuscation and Evasion Tactics

Russian-linked threat actors targeting Ukrainian organizations have also deployed AI-enabled malware families, such as CANFAIL and LONGSTREAM. These families employ LLM-generated “decoy logic” to camouflage their malicious functionalities. For example, LONGSTREAM contains 32 instances of redundant daylight saving time queries interspersed throughout its code, a pattern deliberately designed to appear benign to static analysis tools. Another threat, HONESTCUE, interacts with the Gemini API in real time to request just-in-time VBScript obfuscation, allowing it to dynamically defeat signature-based detection.

Professionalized AI Middleware Ecosystems

State-sponsored and cybercriminal groups are moving beyond simple API access, actively building professionalized middleware ecosystems to bypass AI safety guardrails and manage billing constraints at scale.

  • UNC6201 (PRC-linked): This group was observed using a publicly available GitHub Python script to automate premium LLM account registration, CAPTCHA bypassing, SMS verification, and immediate cancellation to cycle through free credits.
  • UNC5673: This actor deployed tools like “Claude-Relay-Service” and “CLI-Proxy-API” to aggregate and pool multiple Gemini, Claude, and OpenAI accounts simultaneously, enhancing their operational capacity.
  • TeamPCP (aka UNC6780): In late March 2026, this cybercrime group executed coordinated supply chain compromises of GitHub repositories linked to critical cybersecurity tools, including the Trivy vulnerability scanner, Checkmarx, LiteLLM, and BerriAI. The group embedded the SANDCLOCK credential stealer to harvest AWS keys and GitHub tokens directly from CI/CD build environments, subsequently monetizing these stolen credentials through ransomware and extortion partnerships. The compromise of LiteLLM, an AI gateway utility widely used to integrate multiple LLM providers, is particularly concerning, as it exposes AI API secrets that threat actors can exploit to pivot into enterprise networks or conduct extensive AI-assisted reconnaissance.

Google’s Defensive AI Initiatives

Google is also deploying AI offensively in defense, using its Big Sleep agent to identify software vulnerabilities and the CodeMender AI agent to automatically patch them. Gemini’s malicious accounts are promptly disabled upon detection, and Google Play Protect automatically safeguards Android devices against known PROMPTSPY variants.

GTIG’s findings underscore the critical need for organizations to conduct thorough audits of their CI/CD pipelines, GitHub tokens, and AI dependency chains. As LLM-integrated environments become primary targets, sophisticated adversaries are rapidly adapting their tactics, techniques, and procedures.

What You Should Do

  • Audit CI/CD Pipelines and GitHub Tokens: Regularly review and strengthen security controls for CI/CD environments. Implement least privilege access for GitHub tokens and other repository credentials, rotating them frequently.
  • Assess AI Dependency Chains: Understand and secure all AI models, APIs, and middleware integrated into your systems. Be aware of potential supply chain risks associated with third-party LLM providers and utilities.
  • Enhance 2FA and Access Controls: While AI can bypass some 2FA implementations, robust multi-factor authentication remains crucial. Ensure strong access controls are in place for all administrative tools and critical systems.
  • Deploy Advanced Endpoint Detection and Response (EDR): Utilize EDR solutions capable of detecting anomalous behavior and AI-generated code patterns, which may indicate sophisticated AI-powered attacks.
  • Educate and Train Staff: Raise awareness among development and security teams about the evolving threats posed by AI-generated exploits and malware, including social engineering tactics leveraging AI.
  • Stay Updated on Threat Intelligence: Continuously monitor reports from threat intelligence groups like Google’s GTIG to stay informed about the latest AI-driven attack techniques and mitigation strategies.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.

Tags:

CVEExploitHackerMalwarePatchransomwareSecurityThreatVulnerabilityzero-day

Share Article

Marcus Rodriguez

Marcus Rodriguez

Marcus is a security researcher and investigative journalist with expertise in vulnerability research, bug bounties, and cloud security. Since 2017, Marcus has been breaking stories on critical vulnerabilities affecting major platforms. His investigative work has led to the disclosure of numerous security flaws and improved defenses across the industry. Marcus is an active participant in bug bounty programs and has been recognized for responsible disclosure practices. He holds multiple security certifications and regularly speaks at industry events.

Previous Post

Go fsnotify Library Access Changes Spark Supply Chain Concerns

Next Post

Critical Supply Chain Attack on TanStack NPM Packages Exposes CI Credentials

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Popular Posts
GPT-5.6 Codex Bug Deletes Files From Home Directories
July 17, 2026
Critical TP-Link Tapo Camera Vulnerability Lets Attackers Hijack Devices
July 17, 2026
CISA Warns of Critical Fortinet FortiSandbox OS Injection Flaws Exploited in Attacks
July 17, 2026
Top Authors
Marcus Rodriguez
Marcus Rodriguez
Emy Elsamnoudy
Emy Elsamnoudy
Jennifer sherman
Jennifer sherman
Let's Connect
156k
2.25m
285k

Related Posts

Jennifer sherman
By Jennifer sherman
Threats

GlassWorm Attacks macOS via Malicious VS Code…

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Attacks

ClickFix Attack Hides Malicious Code via Stegan Security

January 1, 2026
Sarah simpson
By Sarah simpson
Vulnerabilities

MongoBleed Detector Tool Released to Detect MongoDB Vulnerability(CVE-2025-14847)

January 1, 2026
Emy Elsamnoudy
By Emy Elsamnoudy
Breaches

Conti Ransomware Gang Leaders & Infrastructure Exposed

January 1, 2026
Hackers News Hackers News
  • [email protected]

Quick Links

  • Contact Us
  • Privacy Policy
  • Terms of service

Categories

Attacks
Breaches
Comparisons
CyberSecurity News
Threats
Vulnerabilities

Let's keep in touch

receive fresh updates and breaking cyber news every day and week!

All Rights Reserved by HackersRadar ©2026

Follow Us