Google Says AI-Built Zero-Day Exploit Was Blocked In Attack

Google said it disrupted a zero-day cyberattack attempt that the company believes was developed with the help of artificial intelligence, marking what it described as the first known case of an AI-assisted zero-day exploit being used in the wild.

The company said its security teams detected and blocked the activity before it could be used in a wider campaign. Google characterized the effort as connected to a hacker group and said it likely prevented a larger “mass exploitation” event.

A zero-day is a previously unknown software vulnerability that can be exploited before a fix is available. Google said the exploit it stopped was built to take advantage of an unknown weakness in a company’s digital defenses and was designed to bypass two-factor authentication, a common security measure used to protect online accounts.

Google did not publicly name the targeted company in the reports describing the incident, and it did not provide technical details that would enable copycat attacks. The company’s researchers said the blocked exploit appeared to be generated with AI tools, underscoring how attackers are attempting to speed up the creation of sophisticated hacking methods.

The development matters because zero-day exploits are among the most dangerous tools in cybercrime and espionage, often enabling rapid, stealthy compromise of systems. If AI can meaningfully reduce the time and expertise required to craft such exploits, defenders could face faster-moving threats, with less warning before attacks scale.

The incident also highlights the continued pressure on widely used security practices like two-factor authentication. While 2FA remains a critical layer of protection, attackers have increasingly targeted implementation weaknesses and workarounds. Google’s account of an AI-assisted attempt to bypass 2FA adds urgency to efforts to harden authentication systems and expand use of stronger methods.

Google’s response suggests companies are already contending with attackers experimenting with AI not just for phishing and social engineering, but for more technical exploitation. The company’s researchers framed the disrupted effort as an early signal of how automated tooling could be incorporated into advanced attack planning.

What happens next will depend on whether other organizations corroborate similar activity and whether more details emerge about the vulnerability and the tooling used to develop the exploit. Google has indicated it is continuing to monitor for related attempts and to strengthen defenses against exploit chains that target authentication and account recovery pathways.

For companies and users, the episode serves as a reminder that the line between traditional hacking and AI-assisted development is narrowing, and that high-stakes vulnerabilities can surface without warning even in mature security environments.