Forensic Summary

Google's Threat Intelligence Group has confirmed the first known instance of a threat actor using an AI model to discover and weaponize a zero-day vulnerability — a 2FA bypass in a popular open-source web administration tool. The exploit, delivered via a Python script bearing hallmarks of LLM-generated code (including hallucinated CVSS scores and structured docstrings), was designed for mass exploitation. This marks a significant inflection point in the offensive AI threat landscape, demonstrating that AI-assisted vulnerability discovery and weaponization has moved from theoretical risk to confirmed operational reality.

Read the full technical deep-dive on Grid the Grey: https://gridthegrey.com/posts/ai-generated-zero-day-exploit-bypasses-2fa-in-first-confirmed-wild-use/