Google hackers use AI technology to build zero-day vulnerabilities that bypass two-factor authentication

According to Decrypt, Google's Threat Analysis Group confirmed that cybercriminals used an AI model to discover and exploit a zero-day vulnerability in a popular open-source web management tool that could bypass two-factor authentication. Google stated that this is the first time the company has confirmed AI-assisted zero-day vulnerability development in a real-world environment. Before attackers could exploit it on a large scale, Google worked with the affected vendor to patch the vulnerability. Google's report noted that the vulnerability was a logic error, where the software trusted a condition that could bypass two-factor authentication. Unlike traditional scanners that look for crashes or error codes, AI analyzed the expected behavior of the software and detected logical contradictions, allowing attackers to bypass security checks without compromising encryption.