Google's Threat Intelligence Group has published findings that mark a significant threshold in offensive security: a threat actor used AI tooling to discover and develop a functional zero-day exploit, which was then deployed in a live exploitation campaign. This is the first documented instance of AI-assisted zero-day development used operationally in the wild.
What Happened
The Google GTIG report documents a campaign in which the attackers used AI-assisted analysis to identify a previously unknown vulnerability in a web-based system administration tool and generate a working exploit. The target vulnerability was a 2FA authentication bypass, allowing the attacker to gain authenticated access to administrative interfaces protected by two-factor authentication without possessing a valid second factor. The vendor has since patched the flaw, but no CVE has been publicly disclosed at the time of writing. Exploitation occurred before the patch was available.
In a separate but related finding, GTIG identified a China-aligned threat actor using AI platforms (the report specifically references Hexstrike AI and a reconnaissance automation framework called Strix) to conduct automated vulnerability discovery and attack surface mapping against Japanese technology sector targets. The two incidents, while involving different actors and targets, were reported together as evidence that AI-assisted offensive operations have moved from theoretical capability to confirmed operational reality in 2026.
Why This Matters
The security industry has spent several years debating when AI-assisted exploitation would transition from capability to campaign. Google's report provides the definitive answer: it has already happened. Several implications are immediate:
Vulnerability dwell time compresses. Traditional offensive vulnerability research requires significant human expertise and time. AI-assisted discovery removes that bottleneck: the period between a vulnerability existing and being found and weaponised shortens. This puts pressure on vendor patch development cycles and on defenders' assumption that obscure or complex flaws are inherently lower risk.
2FA bypass as a target class signals attacker priorities. AI was used to discover a vulnerability specifically enabling 2FA bypass. This is not coincidental: bypassing MFA removes the primary compensating control most organisations rely on for privileged access. Attackers are directing AI capability toward the highest-leverage defensive mechanisms.
The AI exploitation gap is now confirmed, not projected. For CISOs and risk teams who calibrated AI-threat timelines around projected capability curves, those curves should be adjusted. GTIG's findings confirm that nation-state adjacent actors have operationalised AI for offensive vulnerability research in 2026.
Immediate Recommendations
Prioritise the following this week:
- Audit all web-based administration interfaces exposed to the network. Confirm they are restricted to management IP ranges only and are not accessible from the internet. Web admin tools are a consistent exploitation target; the attack surface should be minimal.
- Validate your MFA implementation against bypass vectors. TOTP-based 2FA can be bypassed via session interception, MFA fatigue, and now through application-layer vulnerabilities discovered via AI. Phishing-resistant FIDO2 hardware keys or passkeys are the only MFA mechanism that resists these bypass classes at the protocol level.
- Review your vulnerability detection coverage for AI-assisted discovery. AI vulnerability research is more systematic and exhaustive than human-led research: it finds vulnerabilities in code paths humans deprioritise. Threat modelling assumptions based on "this is too complex to find" should be revisited.
- Treat application-layer 2FA bypass CVEs as high priority regardless of CVSS score. A 2FA bypass may receive a moderate CVSS score if it requires some level of access or specific conditions, but its impact on authentication assurance is disproportionate to its numeric rating.
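The application-layer 2FA bypass class behind the second and fourth recommendations, as an added example that is not from the GTIG report or from any product named on this page: a minimal two-step admin login in Python, with a weak endpoint that authorises on a partially authenticated session next to a hardened one that authorises only on the server-side post-TOTP state. The user store, password, TOTP secret and endpoint names are constructed for the demo.

```python
import hmac, hashlib, struct, time
from dataclasses import dataclass
from typing import Optional

# Constructed demo of a two-step admin login: password first, then an RFC 6238
# TOTP (SHA-1, 6 digits, 30 s step). The weak endpoint trusts "a user is set on
# the session", which a password-only session already satisfies; the hardened
# endpoint requires the AUTHENTICATED state that only TOTP verification sets.

# Hypothetical user store; plaintext only to keep the demo short (real systems store a hash).
USERS = {"alice": {"password": "correct horse", "totp_secret": b"12345678901234567890"}}

@dataclass
class Session:
    user: Optional[str] = None
    state: str = "ANONYMOUS"   # ANONYMOUS -> PENDING_MFA -> AUTHENTICATED
    last_counter: int = -1     # highest TOTP time step accepted so far (anti-replay)

def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP over a 64-bit counter; RFC 6238 TOTP supplies the counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def login_password(s: Session, user: str, password: str) -> bool:
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["password"], password):
        return False
    s.user, s.state = user, "PENDING_MFA"   # first factor only: not yet trusted
    return True

def login_totp(s: Session, code: str, now: Optional[float] = None) -> bool:
    if s.state != "PENDING_MFA":   # no second factor without a verified first
        return False
    counter = int((time.time() if now is None else now) // 30)
    secret = USERS[s.user]["totp_secret"]
    for c in (counter - 1, counter, counter + 1):   # tolerate one step of clock drift
        if c > s.last_counter and hmac.compare_digest(totp(secret, c), code):
            s.last_counter, s.state = c, "AUTHENTICATED"
            return True
    return False

def admin_endpoint_weak(s: Session) -> str:
    # Bypassable: a session that finished only the password step already has s.user set.
    return "403" if s.user is None else f"200 admin console for {s.user}"

def admin_endpoint(s: Session) -> str:
    # Hardened: authorise on the server-side state, never on a partial login.
    return "403 second factor required" if s.state != "AUTHENTICATED" else f"200 admin console for {s.user}"
```

The TOTP values used in the check come from the RFC 6238 test vectors (the 20-byte ASCII secret at T=59), so the example can be compared against the standard.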
The immediate operational risk of this specific zero-day is low since the vendor has patched it. The strategic signal, that AI-assisted zero-day development is confirmed operational, is the key finding for defenders to absorb.