Closed · Medium impact · AI Generated

Google GTIG: First AI-Generated Zero-Day Exploit Identified; State Actors Expand AI-Assisted Cyber Operations – May 2026

Occurred 11 May 2026 · Detected 12 May 2026 · Ended 29 May 2026 · 2 reports
🇺🇸 Global – cyber operations attributed to actors linked to China, North Korea, and Russia; target software used worldwide
Cyber · Property · Cyber Casualty & Liability

Google's Threat Intelligence Group (GTIG) has identified the first confirmed zero-day exploit believed to have been developed using AI, targeting an unnamed open-source web administration tool to bypass two-factor authentication. The Python exploit's structure — including hallucinated CVSS scores and LLM-characteristic formatting — provided high-confidence evidence of AI involvement. The attack was foiled before mass exploitation. GTIG also reported broader trends of Chinese (APT27, APT45) and North Korean (UNC2814, UNC5673, UNC6201) threat actors using AI for vulnerability discovery, while Russian actors employed AI-generated code to obfuscate malware and AI voice cloning in influence operations.

AI-generated from linked source reports. See our correction policy.

Impact verdict

Medium impact. The attack was foiled before mass exploitation, limiting immediate loss potential. However, the demonstrated capability for AI-assisted zero-day development represents a significant escalation in the cyber threat landscape, with potential to increase frequency and severity of future insured cyber events globally.

How we grade what we know: Known · Reported · Uncertain.

Intelligence ledger


Known (8 lines)

  • Google GTIG published a report on 11 May 2026 identifying the first known AI-developed zero-day exploit.
  • The exploit targeted an unnamed open-source web-based system administration tool to bypass 2FA.
  • The Python exploit code contained hallucinated CVSS scores and LLM-characteristic formatting, giving Google high confidence in AI involvement.
  • Google rules out Gemini as the LLM used.
  • The attack was disrupted before mass exploitation occurred.
  • Chinese APT groups APT27 and APT45 and North Korean groups UNC2814, UNC5673 and UNC6201 have been observed using AI for cyber operations.
  • Russian actors used AI-generated decoy code in the malware families CANFAIL and LONGSTREAM, and AI voice cloning in 'Operation Overload'.
  • The PromptSpy Android backdoor uses Gemini APIs for autonomous device interaction.

Reported (3 lines)

  • The vulnerability exploited is described as a high-level semantic logic bug, a category where AI excels.
  • Threat actors are industrialising access to premium AI models via automated account creation, proxy relays, and account-pooling infrastructure.
  • Google notified the affected software developer, enabling timely disruption.

Uncertain (4 lines)

  • The identity of the specific web administration tool targeted has not been disclosed.
  • The specific LLM used by the threat actor to develop the exploit has not been identified.
  • The identity of the threat actor responsible for the zero-day exploit has not been specified.
  • The attribution of the zero-day development to a state or non-state actor remains unclear.

Geographic Zone Matches

4 active matches

  • JWC Listed Areas – Rule-based · Confidence 100%
  • TRIA Certified Areas – Rule-based · Confidence 100%
  • OFAC Sanctioned Countries – Rule-based · Confidence 100%
  • EU Sanctions List – Rule-based · Confidence 100%

Geographic zone matches are RiskEvents spatial/analytical indicators, not coverage determinations or Lloyd's official classifications.

Affected countries

🇨🇳 China · 🇬🇱 Global · 🇰🇵 North Korea · 🇷🇺 Russia · 🇺🇸 United States

Timeline

Status Change · 2 Jun 2026, 13:05

Lifecycle changed: monitoring → closed

Closure · 2 Jun 2026, 13:05

Event Closed (auto_closed_monitoring_timeout)

Status Change · 29 May 2026, 05:30

Status changed to monitoring (active → monitoring)

Auto-transitioned: no updates for 6 hours

Status Change · 28 May 2026, 22:36

Status changed to active (signal → active)

Remediation: existing authoritative signal

Corroboration · 12 May 2026, 02:10

Google's Threat Intelligence Group (GTIG) has reported that AI-powered hacking has escalated from a nascent problem to an industrial-scale threat within just three months. Criminal groups and state-linked actors are leveraging commercial AI models to refine and scale up cyberattacks, exploiting vulnerabilities across a broad range of software systems. The findings contribute to a growing global debate about AI's role as a powerful offensive tool in cybersecurity.

Source: The Guardian World (Mainstream Media)

Initial Detection · 12 May 2026, 01:45


"For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI," GTIG researchers say. "The script contains an abundance of educational docstrings, including a hallucinated CVSS score, and uses a structured, textbook Pythonic format highly characteristic of LLMs' training data."

Source: BleepingComputer (Trade Media)
