Signal
Google detects first AI-developed zero-day exploit targeting 2FA bypass
Published 2026-05-11 10:00 UTC · Updated 2026-05-11 15:45 UTC
cve · exploits · threat_actors · security_tooling · incident_response
Overview
Google's Threat Intelligence Group (GTIG) identified a zero-day exploit created with AI by a cybercrime group, targeting a popular open-source web administration tool to bypass two-factor authentication.
Entities
Google · OTT Cybersecurity LLC · Lyrie.ai · Agent Trust Protocol · John Hultquist
Score total: 1.8
Momentum 24h: 7
Posts: 7
Origins: 6
Source types: 1
Duplicate ratio: 0%
Why now
- This is the first confirmed case of AI-developed zero-day exploits in the wild, signaling a shift in attacker capabilities.
- Advances in AI are accelerating vulnerability discovery and exploit generation by threat actors.
- Organizations face increasing urgency to adopt proactive detection and response tools amid evolving AI-driven threats.
Why it matters
- AI-generated zero-day exploits represent a new, more automated threat vector for cybercrime groups.
- Early detection and patching prevented a potentially large-scale attack exploiting 2FA bypass.
- Real-time zero-day tracking tools like Lyrie.ai can reduce the window of exposure to active exploits.
LLM analysis
Topic mix: low · Promo risk: low · Source quality: high
Recurring claims
- Google Threat Intelligence Group identified a zero-day exploit developed with AI targeting a 2FA bypass in an open-source web administration tool.
- Lyrie.ai deployed a real-time zero-day tracking system to notify organizations of active exploit activity and reduce breach windows.
How sources frame it
- Google Threat Intelligence Group: neutral
All evidence
Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation
thehackernews · thehackernews.com · 2026-05-11 15:45 UTC
GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
Mandiant Blog · cloud.google.com · 2026-05-11 13:18 UTC
Google Detects First AI-Generated Zero-Day Exploit
SecurityWeek · securityweek.com · 2026-05-11 13:04 UTC
Google discovers weaponized zero-day exploits created with AI
CSO Online · csoonline.com · 2026-05-11 13:00 UTC
Google spotted an AI-developed zero-day before attackers could use it
CyberScoop · cyberscoop.com · 2026-05-11 13:00 UTC
Hackers Observed Using AI to Develop Zero-Day for the First Time
Infosecurity Magazine · infosecurity-magazine.com · 2026-05-11 13:00 UTC
Posts loaded: 0 · Publishers: 6 · Origin domains: 6 · Duplicates: -
Top publishers (this list)
- thehackernews (1)
- Mandiant Blog (1)
- SecurityWeek (1)
- CSO Online (1)
- CyberScoop (1)
- Infosecurity Magazine (1)
Top origin domains (this list)
- thehackernews.com (1)
- cloud.google.com (1)
- securityweek.com (1)
- csoonline.com (1)
- cyberscoop.com (1)
- infosecurity-magazine.com (1)