
Summaries like this, in your inbox every morning.
Sign up free →Google Threat Intelligence Group detected 'prominent cyber crime threat actors' planning to use a zero-day vulnerability in an unnamed open-source web-based system administration tool to bypass two-factor authentication in a 'mass exploitation event.' Google's researchers found evidence of AI involvement in the Python script, including a 'hallucinated CVSS score' and 'structured, textbook' formatting consistent with LLM training data.
The vulnerability exploited 'a high-level semantic logic flaw where the developer hardcoded a trust assumption' in the platform's 2FA system. Google was able to 'disrupt' this particular exploit, though the report notes researchers 'do not believe Gemini was used' in the attack.
Google's report indicates hackers are increasingly using AI to find and exploit security vulnerabilities, including through 'persona-driven jailbreaking' (instructing AI to roleplay as a security expert) and feeding AI models entire vulnerability repositories to refine AI-generated payloads before deployment.
No comments yet. Be the first to share your thoughts!
Log in to join the discussion




Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack