Hackers Used AI to Build a Zero-Day Exploit That Bypasses Two-Factor Authentication: Google
Cybercriminals used an AI model to find and weaponize a previously unknown software flaw, Google's threat team confirmed Monday.
Google's threat intelligence team revealed Monday that cybercriminals successfully used artificial intelligence to discover and exploit a previously unknown software vulnerability that can bypass two-factor authentication systems. The tech giant's security researchers confirmed this marks the first documented case of hackers leveraging AI models to identify and weaponize zero-day exploits in real-world attacks.
Zero-day exploits target software vulnerabilities that are unknown to developers and security teams, making them particularly dangerous as no patches or defenses exist when they're first deployed. Two-factor authentication has long been considered a critical security layer for protecting user accounts, requiring users to provide a second form of verification beyond passwords. The ability to bypass such systems represents a significant escalation in cyber threat capabilities.
The revelation highlights growing concerns within the cybersecurity industry about AI's dual-use nature in digital warfare. Security experts have warned that the same machine learning technologies designed to enhance defensive capabilities could be turned against organizations and individuals. The incident suggests cybercriminals are rapidly adopting sophisticated AI tools to automate vulnerability discovery, potentially accelerating the pace and scale of cyberattacks across various sectors.
Industry observers will be monitoring whether this represents an isolated incident or signals a broader shift toward AI-powered offensive cyber operations. Google has not disclosed specific details about the affected software or the scope of the attacks.
Source: Decrypt
