First confirmed case: Hackers used AI to develop a zero-day exploit - Google prevented mass attack
What it really says
On May 11, 2026, Google's Threat Intelligence Group (GTIG) published the first documented case in which a hacker group demonstrably used an AI model to discover a previously unknown security vulnerability (zero-day) and develop it into a working exploit. The vulnerability existed in a widely used open-source system administration tool and enabled bypassing two-factor authentication (2FA). The flaw was a semantic logic error: a hard-coded trust assumption in the authentication flow allowed the second factor to be bypassed entirely, provided the attacker already had valid credentials.

GTIG states it has 'high confidence' that the exploit code was generated by an AI model. The indicators: the Python script contained overly explanatory docstrings, a hallucinated CVSS severity score, detailed help menus, and the structured, textbook formatting typical of text generated by large language models. Google emphasizes that its own model Gemini was not used, but rather another AI system.

The hacker group apparently planned mass exploitation of the vulnerability. Google was able to prevent the attack by working with the affected vendor to quietly patch the flaw before the campaign could gain traction. John Hultquist, chief analyst at GTIG, warned: 'For every zero-day we can trace back to AI, there are probably many more out there.' The same report documents additional cases: the North Korean hacker group APT45 used AI to systematically run thousands of exploit checks and expand its toolkit, and Chinese state-backed actors experimented with AI systems for automated vulnerability hunting.
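To make the flaw class concrete, here is a minimal, hypothetical sketch of what a hard-coded trust assumption in a 2FA flow can look like. It is not code from the affected tool (which Google does not name); every identifier in it - `login`, `verify_totp`, the `internal_api` marker - is invented for illustration.

```python
# Hypothetical illustration only. Google names neither the affected tool nor the
# CVE, so this sketches the *class* of flaw described in the report (a hard-coded
# trust assumption in the authentication flow), not the actual vulnerable code.
from typing import Optional

USERS = {"admin": "correct-horse-battery-staple"}   # demo credential store

def check_credentials(username: str, password: str) -> bool:
    """First factor: username and password."""
    return USERS.get(username) == password

def verify_totp(username: str, otp_code: Optional[str]) -> bool:
    """Second factor: stand-in for a real TOTP verification."""
    return otp_code is not None and otp_code.isdigit() and len(otp_code) == 6

def login(username: str, password: str, otp_code: Optional[str], session: dict) -> bool:
    if not check_credentials(username, password):
        return False
    # Flawed trust assumption: requests marked as coming from the "internal"
    # management path are assumed to have already completed 2FA.
    if session.get("source") == "internal_api":
        return True                      # second factor silently skipped
    return verify_totp(username, otp_code)

# With valid (e.g. stolen) credentials, an attacker who can influence the session
# metadata never has to present the second factor:
print(login("admin", "correct-horse-battery-staple", None, {"source": "internal_api"}))  # True
```

Note that nothing in this sketch crashes or corrupts memory; the code runs exactly as written but encodes a wrong assumption, which is part of why such flaws are easy to overlook in review.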
Our assessment
This is a turning point in cybersecurity. Until now, hackers' use of AI had largely been limited to phishing texts, social engineering, and accelerating known attack techniques. The first confirmed case of a hacker group using AI to develop a working zero-day exploit significantly shifts the threat landscape. Particularly concerning: the exploit leveraged a semantic logic flaw - exactly the kind of subtle vulnerability that human security researchers often miss but that large language models, with their ability to analyze code at scale, can detect. The good news: Google was able to prevent the attack before it caused damage, which shows that AI helps defenders, not just attackers. The problem is the asymmetry: defenders must close every gap, attackers only need to find one - and AI makes finding that one dramatically faster. Hultquist's warning that there are probably many undiscovered AI-generated exploits is not alarmism but a logical conclusion. For end users, this means two-factor authentication remains important but is no longer a silver bullet. The security industry must prepare for AI dramatically accelerating the pace of vulnerability discovery.
Relevance for Germany
This case is highly relevant for Germany. The Federal Office for Information Security (BSI) identified AI-powered cyberattacks as a growing threat in its 2025 situation report, but focused mainly on AI-generated phishing emails and deepfakes. The GTIG report shows that the threat has already reached a new level: AI is no longer just used for social engineering but for developing technically sophisticated exploits. German companies and government agencies using open-source administration tools like Webmin are potentially affected. The KRITIS Ordinance and IT Security Act 2.0 require operators of critical infrastructure to conduct regular security audits - but these provide limited protection against previously unknown vulnerabilities. The BSI should use this case to update its threat analysis for AI-powered attacks and develop recommendations for dealing with AI-accelerated exploit development.
Fact check
The core facts come directly from the GTIG blog post and are consistently reported by CNBC, BleepingComputer, SecurityWeek, and Axios. The 'high confidence' in the AI origin of the code is based on stylistic features (docstrings, a hallucinated CVSS score, LLM-typical formatting) - this is an assessment, not forensic proof. Google names neither the affected tool nor the CVE number of the vulnerability, which makes independent verification difficult. The information about APT45 and the Chinese actors also comes from the GTIG report and is consistent with Google's established threat research. One limitation: Google is both the discoverer and a vendor of security products, so some commercial interest in dramatizing threats cannot be ruled out. Nevertheless, the technical details are consistent and plausible.
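For illustration, here is a toy version of the kind of surface-level scan such an assessment might involve. GTIG has not published its methodology, so this is an assumption throughout: the function `llm_style_indicators`, the features counted, and the sample script are all invented to show why stylistic signals are circumstantial rather than conclusive.

```python
# Toy sketch of the stylistic signals GTIG describes (verbose docstrings, an
# out-of-place CVSS score, elaborate CLI help text). Invented for illustration;
# it does not reproduce GTIG's actual analysis.
import re

def llm_style_indicators(source_code: str) -> dict:
    """Count a few surface features often associated with LLM-generated scripts."""
    docstrings = re.findall(r'"""(.*?)"""', source_code, re.DOTALL)
    return {
        "docstring_words": sum(len(d.split()) for d in docstrings),
        "cvss_mentions": len(re.findall(r"CVSS[:\s]*\d+\.\d", source_code, re.I)),
        "help_strings": len(re.findall(r'help\s*=\s*"', source_code)),
    }

sample = '''
"""Exploit helper. This module demonstrates, step by step, how the request is built,
why each header matters, and how the response should be interpreted (CVSS: 9.8)."""
import argparse
parser = argparse.ArgumentParser(description="Exploit helper")
parser.add_argument("--target", help="Target URL")
parser.add_argument("--token", help="Session token")
'''

print(llm_style_indicators(sample))
# -> {'docstring_words': 26, 'cvss_mentions': 1, 'help_strings': 2}
```

None of these features proves machine authorship: a careful human can write in the same style, and an attacker can just as easily strip it out, which is why the 'high confidence' attribution remains an assessment.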
Sources
- Google Cloud Blog, 11.05.2026: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access (cloud.google.com/blog/topics/threat-intelligence/ai-vulnerability-exploitation-initial-access)
- CNBC, 11.05.2026: Google says it likely thwarted effort by hacker group to use AI for mass exploitation event (cnbc.com/2026/05/11/google-thwarts-effort-hacker-group-use-ai-mass-exploitation-event.html)
- BleepingComputer, 11.05.2026: Google - Hackers used AI to develop zero-day exploit for web admin tool (bleepingcomputer.com/news/security/google-hackers-used-ai-to-develop-zero-day-exploit-for-web-admin-tool/)
- SecurityWeek, 11.05.2026: Google Detects First AI-Generated Zero-Day Exploit (securityweek.com/google-detects-first-ai-generated-zero-day-exploit/)
- Axios, 12.05.2026: AI-assisted hacking is already here, Google warns (axios.com/2026/05/12/ai-hacking-found-google-report)