Google’s GTIG Detects First AI-Developed Zero-Day Exploit Amid Massive Service Outage
Google Threat Intelligence Group detected the first AI-developed zero-day exploit used in the wild to bypass 2FA. The discovery coincided with a global Google outage where users faced '500 Internal Server Errors'. While no link is confirmed, the exploit marks a shift in cyber warfare, as AI was used to find complex logical vulnerabilities.
The Google Threat Intelligence Group (GTIG) confirmed on Tuesday, May 12, that it has detected the first known instance of cybercriminals using artificial intelligence to develop a working "zero-day" exploit in the wild. The discovery comes as Google's infrastructure faces a separate crisis, with millions of users worldwide reporting a "500 Internal Server Error" across Search, Gmail, and Gemini services early Tuesday.
The AI-Generated Zero-Day
According to a report released by Google, a prominent cybercrime group leveraged a large language model (LLM) to discover and weaponise a vulnerability in a popular open-source system administration tool. The exploit, a Python-based script, was designed to bypass two-factor authentication (2FA), allowing attackers to gain full account access using only stolen credentials.
GTIG researchers stated they have "high confidence" that the exploit was AI-assisted due to specific "hallucinations" in the code. These included a fake CVSS severity score, "textbook" Python formatting, and educational docstrings - features typical of AI training data but rarely found in human-written malware. Google clarified that its own Gemini model was not used to create the threat.
Global Infrastructure Outage
Simultaneously with the security revelation, Google experienced a major global outage on Tuesday morning. Users in the United States, India, and Europe reported that Google Search was completely inaccessible, frequently returning a "500 Internal Server Error" message. While technical indicators suggest a backend failure in authentication or load-balancing layers, the timing of the outage sparked intense speculation online regarding a potential link to the newly discovered AI exploits. Google has not yet confirmed the root cause of the service disruption, though engineers are reportedly working to stabilise servers globally.
A New Era of Cyber Threats
Security experts warn that this event marks a significant shift in the digital arms race. While AI has previously been used for "productivity gains" like writing phishing emails, this is the first confirmed case of AI reasoning being used to find "business-logic" flaws that traditional scanners often miss. "There’s a misconception that the AI vulnerability race is imminent. The reality is that it's already begun," said John Hultquist, the group's chief analyst. He also said that threat actors are using AI to boost the speed, scale, and sophistication of their attacks.
Defensive Measures by Google
Google confirmed it worked with the affected software vendor to patch the 2FA vulnerability before a "mass exploitation event" could occur. To counter the rising use of malicious AI, the company is deploying its own AI-driven defensive tools, such as the "Big Sleep" vulnerability agent and the "CodeMender" patching tool, to identify and fix flaws before they can be discovered by automated threat actors.
(The above story first appeared on LatestLY on May 12, 2026 10:05 PM IST.)