Google Disrupts AI-Assisted Zero-Day Targeting Web Administration Platform
Google’s Threat Intelligence Group said it detected and disrupted what it described as the first observed zero-day exploit likely developed with artificial intelligence assistance, targeting a widely used open-source web administration platform. The flaw reportedly involved a semantic logic weakness in the platform’s two-factor authentication flow, and Google said the exploit appeared intended for mass exploitation before the vendor was notified and issued a patch. Researchers cited indicators of LLM involvement in the exploit code, including unusually didactic docstrings, textbook-style formatting, and even a hallucinated CVSS score, while noting they had high confidence an AI model helped both identify the vulnerability and weaponize it.
The incident comes amid broader evidence that AI is becoming embedded across the attack lifecycle. Google and other researchers reported threat actors using large language models for reconnaissance, phishing preparation, troubleshooting, malware development, and increasingly autonomous attack orchestration, including malware able to assess victim environments and execute commands with less human oversight. Check Point Research separately described the VoidLink Linux malware framework as an example of AI-assisted malware development at operational scale, with a single developer allegedly producing more than 88,000 lines of code in under a week using an AI-powered IDE, while other reporting linked China-, North Korea-, and Russia-aligned activity to AI-enabled exploit research, decoy code, voice cloning, and Android malware automation.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
4 events from the most recent confirmed update back to the earliest known activity.
Google details broader adversarial AI use across cyber operations
Google reported that threat actors are increasingly using large language models for reconnaissance, research, troubleshooting, phishing preparation, malware development, and more autonomous attack orchestration. Reporting also highlighted examples including China- and North Korea-linked actors exploring AI for exploit development and Android malware using Gemini APIs to automate device interaction.
Google reports first observed AI-developed zero-day use by threat actor
Google’s Threat Intelligence Group said it had observed, for the first time, a threat actor using a zero-day exploit developed with AI assistance. Google characterized the case as early evidence of AI-enabled exploit development becoming operational in real attacks.
Google identifies AI-assisted zero-day exploit and alerts vendor
Google Threat Intelligence Group reported that it identified a zero-day exploit targeting a widely used open-source web administration platform and assessed that AI likely helped develop the exploit. Google said it notified the affected developer, disrupted the attack before broad exploitation, and the vendor patched the issue.
VoidLink AI-built malware framework reaches first functional implant
Check Point Research said the VoidLink Linux malware framework, reportedly built by a single developer using ByteDance’s TRAE SOLO AI-powered IDE and a spec-driven workflow, produced its first functional implant around December 4, 2025. The framework allegedly included modular C2, rootkits, cloud and container enumeration, and more than 30 post-exploitation plugins.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Report: Adversarial Use of AI is Evolving
blog.knowbe4.com
Open sourceGoogle Detects AI-Generated Zero-Day Exploit Targeting Web Admin Tool - CySecurity News - Latest Information Security and Hacking Incidents
cysecurity.news
Open sourceGoogle Announces Its First-Ever Discovery Of A Zero-Day Exploit Made With AI
engadget.com
Open sourceAI Threat Landscape Digest January-February 2026 - Check Point Research
research.checkpoint.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Google Disrupts AI-Built Zero-Day Exploit Targeting 2FA in Web Admin Tool
Google Threat Intelligence Group said it disrupted what it believes is the first observed cybercriminal campaign to use AI to develop a working zero-day exploit, preventing a likely mass-exploitation event against an unnamed open-source web administration tool. The flaw was a semantic logic issue in a Python script that allowed two-factor authentication bypass with valid credentials, and Google said the exploit code showed strong signs of LLM assistance, including heavily annotated Python, educational docstrings, textbook formatting, and even a hallucinated CVSS score. Google notified the vendor before the exploit was deployed at scale, and researchers assessed with high confidence that the code was generated with meaningful help from an AI model other than Gemini. Google said the case reflects a broader shift as threat actors industrialize generative AI across the attack lifecycle, from vulnerability research and exploit validation to malware development, obfuscation, reconnaissance, and social engineering. The company linked this trend to activity from China-, North Korea-, and Russia-aligned operators, and highlighted examples including **PROMPTSPY**, an Android backdoor that used the Gemini API to interpret device interfaces and automate clicks and swipes, as well as supply-chain compromises tied to repositories associated with **Trivy**, **Checkmarx**, **LiteLLM**, and **BerriAI**. Google said it has disabled malicious Gemini-linked assets and urged organizations to harden CI/CD pipelines, protect tokens, and scrutinize AI-related dependencies and abuse infrastructure.
May 13, 2026Attackers Abuse AI Services and Exposed LLM Infrastructure for Intrusions and Compute Theft
Researchers and vendors reported a sharp rise in attacks targeting AI infrastructure, from exposed self-hosted LLM servers to commercial coding assistants used in real intrusions. A Kaspersky honeypot posing as a private AI server with services including **Ollama**, **LM Studio**, **LangServe**, **text-generation-webui**, OpenAI-compatible APIs, RAG databases, and an MCP server was indexed by Shodan within hours and drew more than **113,000 requests** in a month from thousands of IP addresses. Nearly a quarter of the traffic focused on discovering and exploiting AI capabilities, with attackers attempting to consume inference resources, analyze documents, generate content, process vulnerability data, proxy requests to external models, and steal secrets from exposed `.env` files using tooling such as **LLM-Scanner**. The broader threat has moved beyond opportunistic abuse into targeted operations. Anthropic said suspected Chinese state-linked operators misused **Claude Code** against **30 high-value organizations** across technology, finance, chemicals, and government, using the AI assistant to test systems, generate attack code, harvest credentials, identify privileged accounts and backdoors, and support deeper intrusion activity; the company said the tool performed **80% to 90%** of the work in some cases. Separately, defenders were urged to rapidly patch internet-exposed management infrastructure after **CVE-2026-41940** in **cPanel/WHM** was exploited in the wild, allowing pre-authentication root access in as few as four HTTP requests and reportedly being used in ransomware activity, underscoring how exposed services and AI-enabled tradecraft are converging into a faster, more scalable attack model.
May 25, 2026
AI-Enabled Offensive Techniques Accelerate Web Phishing and Vulnerability Exploitation
Security researchers reported an emerging web attack technique that uses **generative AI** to turn a benign webpage into a malicious phishing or credential-stealing page *at runtime*. In a proof of concept attributed to Palo Alto Networks’ **Unit 42**, a “clean” page embeds instructions that trigger calls to public LLM APIs (e.g., Google Gemini, DeepSeek) to generate malicious JavaScript after the victim loads the site; the code is then executed in the browser, leaving little or no static payload to detect. Because the generated content is fetched from trusted AI service domains, the approach can also reduce the effectiveness of some network filtering and static analysis controls. Separately, an Anthropic evaluation highlighted that modern AI models are increasingly capable of conducting **multi-stage network attacks** using only standard, open-source tooling rather than specialized custom toolkits. The write-up notes that Claude Sonnet 4.5 could, in some simulated environments, identify a known public CVE and produce working exploit code quickly enough to exfiltrate sensitive data in an Equifax-like breach simulation, underscoring how AI can compress attacker timelines and increase the importance of fundamentals such as rapid patching and vulnerability management.
Mar 21, 2026