Written by Martin Young, Staff Writer. Reviewed by Jesse Coghlan, Staff Editor.
Hackers used AI to craft zero-day attack to bypass 2FA: Google
Published May 12, 2026
Google’s Threat Intelligence Group says it has “high confidence” a threat actor used an AI model to help discover and weaponize a vulnerability in a popular system admin tool.

Google’s Threat Intelligence Group says it identified what it maintains is the first-ever case of hackers using artificial intelligence to develop a zero-day exploit.
The group stated in a Tuesday blog post that it had “observed prominent cybercrime threat actors partnering to plan a mass vulnerability exploitation operation,” using a zero-day vulnerability — a software flaw unknown to the vendor at the time of exploitation — that allowed them to bypass the two-factor authentication of an unnamed “popular open-source, web-based system administration tool.”
The exploit required valid user credentials first, but bypassed the second authentication factor, which is often also used to secure crypto accounts and wallets.
AI has been increasingly used both in cybersecurity and by crypto hackers seeking to carry out exploits or scams. AI company Anthropic claimed last month that its recent AI model, Claude Mythos, found thousands of software vulnerabilities across major systems.
Google stated it had “high confidence that the actor likely leveraged an AI model to support the discovery and weaponization of this vulnerability,” as the script for the exploit included a hallucination and a format “highly characteristic” of an AI model’s training data.
The report did not specify the threat actor, but Google stated that China and North Korea have “demonstrated notable interest in capitalizing on AI for vulnerability discovery.”
LLMs excel at high-level flaw identification
Google stated the vulnerability did not stem from “common implementation errors” like memory corruption, but from a “high-level semantic logic flaw” where the developer hardcoded a trust assumption.
This implies the attackers used a frontier large language model (LLM), as the models excel at identifying high-level flaws and “hardcoded static anomalies,” Google added.
Several malware families, such as PROMPTFLUX, HONESTCUE and CANFAIL, also utilize LLMs for defense evasion, generating decoy or filler code to camouflage malicious logic, Google stated.

LLM vulnerability discovery capabilities compared with other discovery mechanisms. Source: Google
Industrialized LLM abuse is increasing
LLM access abuse is becoming industrialized as threat actors have built automated pipelines to cycle through premium AI accounts, pool API keys, and bypass safety guardrails at scale — effectively running adversarial operations subsidized by trial account abuse.
“By leveraging anti-detect browsers and account-pooling services, actors are attempting to maintain high-volume, anonymized access to premium LLM tiers, effectively industrializing their adversarial workflows.”
Google concluded that as organizations continue integrating LLMs into production environments, the AI software ecosystem has emerged as a primary target for exploitation.
It observed adversaries increasingly targeting the integrated components that grant AI systems their utility, such as autonomous skills and “third-party data connectors,” but threat actors have yet to achieve breakthrough capabilities to bypass the core security logic of frontier models, it stated.