# Google identified an unknown threat actor using a zero-day exploit that it said was likely developed with an artificial intelligence (AI) system.

*genai · news · 2026-05-11 · The Hacker News*

## Key points

- Google detected a zero-day exploit likely developed with AI, marking the first such real-world case.
- The Python script exploit bypasses 2FA on a popular open-source admin tool using LLM-generated code.
- PromptSpy malware uses Gemini AI for autonomous screen analysis and biometric bypass on Android devices.
- Threat actors exploit shadow APIs and relay stations to access restricted AI models and capture user data.
- Researchers found Gemini's accuracy drops from 83.82% to 37% when accessed via unauthorized shadow APIs.

**Companies:** Google
**Countries:** China, North Korea, Russia, Japan, United States, Saudi Arabia, Iran, Ukraine

[Read the full story on The Hacker News](https://thehackernews.com/2026/05/hackers-used-ai-to-develop-first-known.html)

---

Canonical: https://newsio.io/n/3ade6aae-e518-4f54-ab20-f1691ba1883c/google-identified-an-unknown-threat-actor-using-a-zero-day-exploit-that-it-said
Summarized by Newsio from The Hacker News. https://newsio.io/how-it-works