The line between AI as a productivity tool and AI as a weapon just got a lot blurrier. On May 11, 2026, Google’s Threat Intelligence Group published a report documenting something the security community had long feared but never confirmed: a criminal actor using an AI model to discover a zero-day vulnerability and then build a working exploit around it.
Zero-days, which are software flaws unknown to the vendor and therefore unpatched, have historically required deep human expertise to uncover.
What actually happened
The exploit targeted a Python script tied to two-factor authentication bypass in a widely used open-source system administration tool.
Google stated it had “high confidence” that an AI model played a central role in both discovering the flaw and developing the weaponized code. That confidence assessment came from analyzing the code structure, comments, and other technical indicators left behind in the exploit.








