
AI-Generated Zero-Day Exploit Bypasses 2FA in First Confirmed Wild Use

TL;DR CRITICAL
  • What happened: Threat actors used an AI model to discover and weaponize a zero-day 2FA bypass for mass exploitation.
  • Who's at risk: Administrators and users of open-source web-based system administration tools are most directly exposed due to the targeted 2FA bypass.
  • Act now: Audit and patch all open-source web administration tools, prioritising 2FA and authentication logic · Monitor for anomalous authentication patterns that may indicate 2FA bypass attempts · Implement defence-in-depth beyond 2FA, including session anomaly detection and hardware security keys

Overview

Google’s Threat Intelligence Group (GTIG) has disclosed what it describes as the first confirmed real-world case of threat actors using an AI model to discover and weaponize a zero-day vulnerability. The flaw is a two-factor authentication (2FA) bypass in an unnamed open-source, web-based system administration tool; the exploit for it was a Python script exhibiting clear hallmarks of LLM-generated code. The campaign was designed for mass exploitation, marking a watershed moment in offensive AI capability.

Technical Analysis

The exploit script was identified during analysis of a cybercriminal mass-exploitation campaign. Key indicators of AI-assisted development included:

  • Hallucinated CVSS score embedded in docstrings — a known LLM artefact where models fabricate plausible-sounding metadata
  • Structured, textbook Pythonic formatting consistent with LLM training data patterns, including detailed help menus and a clean _C ANSI colour class
  • Abundance of educational docstrings typical of LLM output optimised for readability

The underlying vulnerability is described as a high-level semantic logic flaw rooted in a hard-coded trust assumption within the application’s authentication flow. Crucially, exploitation requires valid user credentials, so the bypass mainly benefits attackers who have already obtained account access via phishing or credential stuffing. LLMs are particularly effective at identifying this class of flaw: semantic logic errors require contextual reasoning rather than pattern-matching, a domain where large models excel.
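The kind of hard-coded trust assumption described above, shown as a small Python login flow beside its hardened form, as an auditor would look for it under an authentication-logic review. This is an added illustration written for this brief, not the affected tool's code: GTIG has not published the flaw's details, so the `USERS` store, the `Session` fields and the `weak_*` / `hardened_*` handlers are all hypothetical.

```python
"""Illustrative two-step login flow with a hard-coded trust assumption, beside
a hardened version. Hypothetical code written for this brief; it does not
reproduce the real flaw, whose details GTIG did not publish."""
from dataclasses import dataclass
from typing import Optional
import hmac

# Constructed demo credential store: username -> (password, currently valid 2FA code).
# A real deployment verifies against a password hash and a TOTP secret instead.
USERS = {"alice": ("correct horse battery", "123456")}


@dataclass
class Session:
    user: Optional[str] = None          # identity the application will act on
    pending_user: Optional[str] = None  # identity awaiting second-factor proof
    password_ok: bool = False
    mfa_ok: bool = False


def _password_matches(username: str, password: str) -> bool:
    record = USERS.get(username)
    return record is not None and hmac.compare_digest(record[0], password)


def _code_matches(username: str, code: str) -> bool:
    return hmac.compare_digest(USERS[username][1], code)


# --- Pattern to look for in an audit: identity trusted before the flow finishes ---
# The password handler binds the identity to the session immediately, and the
# protected view treats "session.user is set" as proof that login completed.
# The 2FA step exists, but nothing downstream checks that it actually succeeded.

def weak_password_step(session: Session, username: str, password: str) -> bool:
    if not _password_matches(username, password):
        return False
    session.user = username        # identity trusted before the second factor
    session.password_ok = True
    return True


def weak_mfa_step(session: Session, code: str) -> bool:
    if session.user is None:
        return False
    session.mfa_ok = _code_matches(session.user, code)
    return session.mfa_ok


def weak_protected_view(session: Session) -> str:
    if session.user is None:       # hard-coded assumption: user set => fully authenticated
        return "403"
    return f"admin panel for {session.user}"


# --- Hardened form: identity is bound only after every factor is verified ---------

def hardened_password_step(session: Session, username: str, password: str) -> bool:
    if not _password_matches(username, password):
        return False
    session.pending_user = username  # remembered, but not yet trusted
    session.password_ok = True
    return True


def hardened_mfa_step(session: Session, code: str) -> bool:
    if not session.password_ok or session.pending_user is None:
        return False                 # second factor cannot be attempted out of order
    if not _code_matches(session.pending_user, code):
        return False                 # real code also rate-limits and logs failures
    session.user = session.pending_user  # identity bound only now
    session.pending_user = None
    session.mfa_ok = True
    return True


def hardened_protected_view(session: Session) -> str:
    # Check the explicit authentication state, never a side effect of partial login.
    if not (session.user and session.password_ok and session.mfa_ok):
        return "403"
    return f"admin panel for {session.user}"
```

The review question the hardened version answers is the one recommendation 3 below asks: which field does each protected handler treat as proof of login, and is that field only ever set after the last factor succeeds? In the weak form the answer is `session.user`, which is set one step too early.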

The report also references PromptSpy, an Android malware that abuses Google’s Gemini model as an autonomous agent to navigate device UI, monitor real-time user activity, and determine next actions — demonstrating AI being embedded directly into malware runtimes.

Framework Mapping

| Framework | Technique | Rationale |
|---|---|---|
| ATLAS | AML.T0047 ML-Enabled Product or Service | LLM used offensively as a vulnerability discovery and exploit generation tool |
| ATLAS | AML.T0043 Craft Adversarial Data | Exploit payload crafted with AI assistance to target a specific logic flaw |
| ATLAS | AML.T0012 Valid Accounts | Exploit requires valid credentials, lowering exploitation complexity |
| OWASP | LLM08 Excessive Agency | PromptSpy demonstrates an LLM acting autonomously with real-world impact |
| OWASP | LLM09 Overreliance | Defenders and vendors over-relying on 2FA as a terminal security control |

Impact Assessment

This incident has broad implications across the security landscape:

  • Compressed attack timelines: AI reduces the skilled labour and time required for vulnerability discovery, validation, and weaponization — previously barriers to entry for lower-tier threat actors.
  • Democratisation of zero-day development: Capabilities once reserved for nation-state actors or elite researchers are increasingly accessible to organised cybercriminal groups.
  • 2FA trust erosion: The targeting of 2FA specifically undermines a near-universal defensive recommendation, potentially affecting millions of deployments of the affected tool.
  • Agentic malware emergence: PromptSpy signals a new class of malware where LLMs act as real-time reasoning engines, enabling adaptive, context-aware attacks at runtime.

Mitigation & Recommendations

  1. Patch immediately: Apply vendor patches for the affected system administration tool as soon as available; monitor vendor advisories closely.
  2. Harden authentication beyond 2FA: Deploy hardware security keys (FIDO2/WebAuthn) and implement session anomaly detection — 2FA alone is insufficient against logic-layer bypasses.
  3. Audit authentication logic: Review hard-coded trust assumptions in session management and authentication flows across all web-facing systems.
  4. Threat hunt for exploit indicators: Look for Python-based exploit scripts with LLM-style docstrings and hallucinated CVE/CVSS metadata in threat intelligence feeds.
  5. Monitor for autonomous agent malware: Implement behavioural detection for applications abusing on-device AI APIs (e.g., Gemini) for UI automation outside expected use cases.
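A triage heuristic for recommendation 4, keyed to the indicator list in the Technical Analysis section (CVSS and CVE metadata in docstrings, an ANSI colour class, heavy docstring coverage, an argparse help menu). This is an added example, not GTIG's tooling: the `WEIGHTS`, `REVIEW_THRESHOLD` and both sample scripts are constructed, and the placeholder CVE identifier in the sample is not a real one.

```python
"""Triage heuristic for Python scripts carrying the LLM-authorship hallmarks
listed in this brief. Added example, not GTIG's tooling; weights and thresholds
are constructed for analyst triage, not for attribution."""
import ast
import re
from typing import Dict, List

CVSS_RE = re.compile(r"CVSS[^\n]{0,40}?\b\d{1,2}(?:\.\d)?\b", re.IGNORECASE)
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,7}\b")
WEIGHTS = {"cvss_in_docstring": 3, "cve_in_docstring": 1, "ansi_colour_class": 2,
           "heavy_docstrings": 2, "argparse_help_menu": 1}
REVIEW_THRESHOLD = 5  # constructed cut-off


def collect_docstrings(tree: ast.AST) -> List[str]:
    """Return every module, class and function docstring in the tree."""
    kinds = (ast.Module, ast.ClassDef, ast.FunctionDef, ast.AsyncFunctionDef)
    return [d for n in ast.walk(tree) if isinstance(n, kinds)
            for d in [ast.get_docstring(n)] if d]


def is_colour_class(cls: ast.ClassDef) -> bool:
    """A class whose body holds two or more string constants with ANSI escapes."""
    esc = sum(1 for s in cls.body
              if isinstance(s, ast.Assign) and isinstance(s.value, ast.Constant)
              and isinstance(s.value.value, str) and "\x1b[" in s.value.value)
    return esc >= 2


def count_help_args(tree: ast.AST) -> int:
    """Number of .add_argument(...) calls that carry a help= string."""
    return sum(1 for n in ast.walk(tree)
               if isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
               and n.func.attr == "add_argument"
               and any(k.arg == "help" for k in n.keywords))


def triage(src: str) -> Dict[str, object]:
    """Score one script; 'review' means an analyst should look, nothing more."""
    tree = ast.parse(src)
    docs = collect_docstrings(tree)
    doc_text = "\n".join(docs)
    doc_lines = sum(d.count("\n") + 1 for d in docs)
    density = doc_lines / max(1, len(src.splitlines()))
    flags = {
        "cvss_in_docstring": bool(CVSS_RE.search(doc_text)),
        "cve_in_docstring": bool(CVE_RE.search(doc_text)),
        "ansi_colour_class": any(is_colour_class(n) for n in ast.walk(tree)
                                 if isinstance(n, ast.ClassDef)),
        "heavy_docstrings": density >= 0.15,
        "argparse_help_menu": count_help_args(tree) >= 3,
    }
    score = sum(WEIGHTS[k] for k, v in flags.items() if v)
    return {"flags": flags, "score": score,
            "verdict": "review" if score >= REVIEW_THRESHOLD else "low"}


# Constructed sample: a harmless script written to carry all of the hallmarks.
SAMPLE_FLAGGED = '''
"""
Reachability checker for a hypothetical service.

CVE-0000-00000 (constructed placeholder, not a real identifier)
CVSS Score: 9.8 (Critical)
"""
import argparse

class _C:
    """ANSI colour codes for readable output."""
    RED = "\\033[91m"
    GREEN = "\\033[92m"
    END = "\\033[0m"

def banner(msg):
    """Return a green banner line."""
    return f"{_C.GREEN}{msg}{_C.END}"

def main():
    """Parse arguments and print the banner."""
    p = argparse.ArgumentParser(description="Demo")
    p.add_argument("--host", help="Hostname to check")
    p.add_argument("--timeout", help="Seconds to wait")
    p.add_argument("--verbose", help="Chatty output")
    print(banner("ready"))
'''

# Constructed sample: a plain script with none of the hallmarks.
SAMPLE_PLAIN = '''
import sys
def add(a, b):
    return a + b
print(add(int(sys.argv[1]), int(sys.argv[2])))
'''

if __name__ == "__main__":
    for name, src in (("flagged", SAMPLE_FLAGGED), ("plain", SAMPLE_PLAIN)):
        print(name, triage(src))
```

Hallmarks like these are a prompt for analyst review, not proof of authorship: an ordinary, well-documented CLI tool trips the same checks, so the score belongs in a hunting pipeline as a prioritisation signal alongside where the script was found and what it talks to.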
