Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
Summary
Hide ▲
Show ▼
An AI-assisted zero-day exploitation campaign was planned by prominent cybercrime threat actors, but the effort was disrupted before deployment and did not reach its intended target. The operation aimed to use a newly found flaw to bypass 2FA on a popular open-source, web-based system administration tool. The tooling showed signs of AI-generated development, including highly structured docstrings and a hallucinated CVSS score. The case matters because it shows how AI can speed up vulnerability discovery and weaponization.
Related Happenings
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical Analysis
H score3
First: 08.07.2026 18:07
Last: 08.07.2026 18:07
Sources 1
About this happening:
Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical AnalysisAbout this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/Service
H score22
First: 23.06.2026 18:16
Last: 23.06.2026 18:16
Sources 1
About this happening:
Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
Skills.sh scanner blind spot for externally linked AI agent skills
Security Tool/ServiceAbout this happening: Security scanners for **AI agent skills**, including those wired into **skills.sh**, cleared a fake skill that hid its real payload behind **stitch-design.ai**, exposing a vetting...
GC3 AI hackathons for government code remediation
Public Sector Action
H score28
First: 15.06.2026 12:30
Last: 15.06.2026 12:30
Sources 1
About this happening:
**GC3** ran weekly AI hackathons that uncovered and helped remediate **407 vulnerabilities** across **nine UK government departments**, reducing exploitable risk in public-sector...
GC3 AI hackathons for government code remediation
Public Sector ActionAbout this happening: **GC3** ran weekly AI hackathons that uncovered and helped remediate **407 vulnerabilities** across **nine UK government departments**, reducing exploitable risk in public-sector...
ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds
Technical Analysis
H score16
First: 04.06.2026 16:00
Last: 04.06.2026 16:00
Sources 1
About this happening:
Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...
ExploitBench benchmark shows frontier AI models can stage Chrome exploit chains against vulnerable V8 builds
Technical AnalysisAbout this happening: Bugcrowd’s **ExploitBench** now shows frontier AI models can progress through staged **Google Chrome** exploit chains, raising the risk of faster **AI-assisted exploit development...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/Service
H score20
First: 28.05.2026 12:55
Last: 28.05.2026 12:55
Sources 1
About this happening:
Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/ServiceAbout this happening: Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Timeline
-
11.05.2026 16:00 2 articles · 1mo ago
GTIG discloses AI-assisted zero-day campaign
Initial DisclosureGoogle Threat Intelligence Group said prominent cybercrime threat actors planned a mass vulnerability exploitation operation that used an AI model to identify and weaponize a zero-day vulnerability to bypass two-factor authentication (2FA) on a popular open-source, web-based system administration tool. GTIG said it worked with the system admin tool vendor to close the flaw and disrupt the campaign before the new zero-day could be exploited, and its analysis found Python code with highly structured educational docstrings and a hallucinated CVSS score that suggested AI-generated assistance.
Show sources
- Hackers Observed Using AI to Develop Zero-Day for the First Time — www.infosecurity-magazine.com — 11.05.2026 16:00
- Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation — thehackernews.com — 11.05.2026 18:45