Google Threat Intelligence Group Reports First AI-Developed Zero-Day Exploit Bypassing 2FA
The Google Threat Intelligence Group (GTIG) has published a report detailing a concerning trend: attackers are now using AI across almost every area of cybercrime, including developing at least one zero-day exploit from scratch. The exploit in question is a Python script that bypasses two-factor authentication (2FA) in a popular open-source, web-based system administration tool. According to GTIG, the code shows 'all the hallmarks of AI usage' and abuses a logic flaw in the authorization flow.
GTIG notes that while current LLMs still 'struggle to navigate complex enterprise logic,' they excel at contextual reasoning. This capability allows them to read source code, validate developer intent versus actual implementation, and quickly identify unconsidered corner cases that lead to vulnerabilities.
The report also highlights other malicious AI applications:
- Self-morphing malware: Malware that can modify its own source code, create exploit payloads dynamically, and even generate decoy code to evade detection.
- Gemini-powered backdoors: Attackers are leveraging Google's Gemini model to create backdoors, though specific implementation details are not yet disclosed.
The findings suggest a new era of cybercrime where AI automates not just exploit delivery but the discovery and creation of vulnerabilities themselves. The zero-day exploit is particularly notable as it marks the first recorded instance of a fully AI-developed exploit bypassing 2FA.
For security teams, this underscores the need to assume that 2FA alone is insufficient against AI-augmented adversaries. Logic flaws in authentication flows, especially in open-source tools, will be increasingly targeted. Code review processes should incorporate automated reasoning checks to catch such flaws before deployment.
📖 Read the full source: HN AI Agents
👀 See Also

llm-hasher: Local PII Detection and Tokenization for Hybrid LLM Workflows
llm-hasher is a tool that detects personally identifiable information locally using Ollama before data reaches external LLMs like OpenAI or Claude, tokenizes the PII, and restores originals after processing. It uses regex for structured data types and a local LLM for contextual detection, with encrypted storage for mappings.

Roblox cheat and AI tool caused Vercel platform outage
A Roblox cheat combined with an AI tool reportedly caused a complete platform outage for Vercel, generating significant discussion on Hacker News with 66 points and 24 comments.

OpenClaw Slack Security: API Key Exposure Risks and Fixes
OpenClaw Slack deployments can expose API keys through error messages in channels, with over 8,000 instances found exposed in a Bitsight report. The source details three specific vulnerabilities and provides practical fixes including system prompt modifications and SlackClaw migration.

Sandboxing AI Agents with WebAssembly: Zero Authority by Default
Cosmonic argues that traditional sandboxing (seccomp, bubblewrap) fails for AI agents due to ambient authority. WebAssembly's capability-based model grants zero authority by default, requiring explicit imports for filesystem, network, or credentials.