Google disclosed that an unknown threat actor likely used an AI-generated Python exploit to discover and weaponize a zero-day 2FA bypass in an open-source, web-based system administration tool. The report also highlights multiple AI-abuse campaigns, including PromptSpy on Android, which uses Gemini-related techniques for autonomous device control, credential capture, and persistence.
#PromptSpy #UNC2814 #APT45 #APT27 #CANFAIL #LONGSTREAM #UNC6201 #UNC5673 #TeamPCP
Key points
- Google found a zero-day 2FA bypass likely created with an AI system.
- The exploit used a Python script with signs of LLM-generated code.
- Google worked with the vendor to fix the flaw and disrupt the campaign.
- PromptSpy abuses AI to monitor screens, capture biometrics, and resist removal.
- Google also flagged AI abuse by UNC2814, APT45, APT27, and other threat actors.
Read More: https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html