Google's Threat Analysis Group disclosed that cybercriminals deployed an AI model to discover and exploit a zero-day vulnerability that circumvented two-factor authentication protections. The threat team confirmed the finding Monday, marking one of the first documented instances of attackers using artificial intelligence to identify previously unknown vulnerabilities in production systems.

The attackers leveraged the zero-day to bypass 2FA defenses, a critical security layer protecting user accounts. The vulnerability remained unpatched at the time of discovery, giving threat actors a window to access accounts before Google could deploy a fix. Google's researchers did not disclose which specific software contained the flaw, though the confirmation underscores growing risks in the AI era.

This development signals an escalation in threat sophistication. Rather than manually searching for vulnerabilities through reverse engineering or fuzzing, attackers now employ machine learning models trained to identify exploitable weaknesses at scale. The approach reduces discovery time and increases the volume of potential targets.

The incident carries implications beyond traditional cybersecurity. Crypto exchanges, DeFi protocols, and self-custody platforms all depend on 2FA to protect high-value accounts. A reliable bypass could enable large-scale account takeovers targeting institutional or retail holders. Hot wallets and exchange accounts become exposed to takeover if 2FA is compromised.

Google did not specify whether the zero-day affected its own services or third-party systems. The disclosure came without naming the threat actors involved or revealing the vulnerable software component. Withholding such details typically precedes a coordinated patching effort and keeps the window for exploitation from widening.

The finding arrives as AI-driven security tools proliferate across the industry. While defenders use machine learning for threat detection and vulnerability scanning, this case demonstrates that attackers can weaponize the same techniques effectively. Security teams now face adversaries capable of automating exploit development at a pace human researchers cannot match.

Organizations relying on 2FA as a primary defense layer face renewed urgency to implement additional protections. Hardware security keys, biometric authentication, and zero-trust architectures reduce reliance on single authentication factors vulnerable to automated exploitation.