The First AI-Crafted Zero-Day Was Easy to Spot. The Next One May Not Be
Briefly

"Google reported the first publicly confirmed working zero-day exploit developed with AI assistance: a Python-based 2FA bypass in a popular open-source web administration tool. Google worked with the vendor to patch the flaw before the campaign launched. A technical detail that should drive every board conversation in the next 90 days is not the exploit itself. It is the class of vulnerability that the AI was good at finding."
"The flaw was a high-level semantic logic error - a developer had hardcoded a trust assumption that contradicted the application's own 2FA enforcement logic. That is the kind of bug fuzzers and static analysis tools routinely miss. As GTIG researchers put it, frontier LLMs "have an increasing ability to perform contextual reasoning, effectively reading the developer's intent." Once an attacker can do that at scale, the supply of exploitable logic flaws in widely deployed software is no longer constrained by how many human researchers are looking."
"The exploit's AI authorship was given away by what the Help Net Security write-up called textbook LLM artifacts - a hallucinated CVSS score, educational docstrings, a clean ANSI color class, and detailed help menus. These are training-data fingerprints. Each is a one-week prompt for the next operator who reads GTIG's report. The second AI-crafted zero-day will not be this easy to identify."
"That is the survivorship bias problem that GTIG's own chief analyst flagged. John Hultquist told Infosecurity Magazine that "for every zero-day we can trace back to AI, there are probably many more out there." Read in context, that is GTIG acknowledging that the case t"
Google’s Threat Intelligence Group reported a publicly confirmed working zero-day exploit developed with AI assistance. The exploit was a Python-based 2FA bypass in a widely used open-source web administration tool. Google coordinated with the vendor to patch the flaw before the campaign launched. The key concern is not the specific exploit but the vulnerability class: a semantic logic error where a hardcoded trust assumption contradicted the application’s own 2FA enforcement logic. Such bugs can evade fuzzers and static analysis. Frontier language models can perform contextual reasoning that resembles reading developer intent, enabling attackers to find logic flaws at scale. AI-generated artifacts can reveal authorship, but future cases may be harder to identify, and many more AI-linked zero-days may exist than those traced.
Read at TechRepublic