Open Source · Google · China · South Korea · Cointelegraph
Hackers applied AI to craft zero-day attack to bypass 2FA: Google
Compiled by KHAO Editorial — aggregated from 1 outlet. See llms.txt for citation guidance.
◌ Single Source
Google’s Threat Intelligence Group says it has “high confidence” a threat actor used an AI model to help discover and weaponize a vulnerability in a popular system admin tool.
Key facts
- LLM access abuse is becoming industrialized as threat actors have built automated pipelines to cycle through premium AI accounts, pool API keys, and bypass safety guardrails at scale, effectively
- Google’s Threat Intelligence Group says it identified what it believes is the first-ever case of hackers using artificial intelligence to develop a zero-day exploit
- Google’s Threat Intelligence Group says it has “high confidence” a threat actor used an AI model to help discover and weaponize a vulnerability in a popular system admin tool
- AI has been increasingly used in both cybersecurity and by crypto hackers seeking to carry out exploits or scams
Summary
Google’s Threat Intelligence Group says it identified what it believes is the first-ever case of hackers using artificial intelligence to develop a zero-day exploit. The group said in a Tuesday blog post that it had “observed prominent cyber crime threat actors partnering to plan a mass vulnerability exploitation operation,” using a zero-day vulnerability allowing them to bypass the two-factor authentication of an unnamed “popular open-source, web-based system administration tool.” The exploit required valid user credentials first, but bypassed the second authentication factor, which is often also used to secure crypto accounts and wallets. AI has been increasingly used in both cybersecurity and by crypto hackers seeking to carry out exploits or scams.