Google halts AI-driven attempt to bypass 2FA

Google’s Threat Intelligence Group reported it stopped an AI-driven effort that used a zero-day to try to mass-bypass two-factor authentication.

Google’s Threat Intelligence Group reported it intercepted and neutralized a criminal operation that used artificial intelligence to find and weaponize a zero-day vulnerability to bypass two-factor authentication. Google reported the activity was stopped before it could be deployed widely.

TAG investigators found the attackers used AI tools to search for previously unknown vulnerabilities, then automated exploit development and attack testing to scale efforts aimed at defeating 2FA protections.

Google linked the pattern of AI-assisted hacking to advanced persistent threat groups associated with Iran, China, North Korea and Russia. TAG analysts noted those actors are using AI for reconnaissance, scanning for vulnerabilities and automating steps that once required more human effort.

The techniques the operation sought to use are established: phishing, malware, credential theft and bypassing two-factor protections. Google reported that AI increased the speed and scale of the attackers’ work.

Google reported its detection systems are tuned to flag when AI tools are being used to prepare or test exploits rather than for authorized security research. The company said its safeguards have blocked AI-driven attempts across categories including phishing and malware development.

One AI company delayed the release of a new model over security concerns, and researchers urged coordination among companies and security teams because no single organization can address the rise in AI-enabled threats alone.

Cryptocurrency platforms rely on two-factor authentication. A mass bypass of 2FA could allow attackers to drain exchange accounts, compromise wallets and steal digital assets. North Korea’s Lazarus Group has previously been linked to large crypto thefts.

Security experts recommend hardware security keys for stronger protection, and moving high-value holdings to cold storage, where private keys are kept offline. Hardware keys that implement FIDO2/WebAuthn resist phishing because the key signs a challenge bound to the site origin the browser is actually talking to, so a code captured or relayed through a look-alike site is useless to the attacker; one-time codes sent by SMS or generated by an app can be phished and replayed in real time.

A zero-day is a vulnerability unknown to the software vendor and therefore unpatched; attackers can exploit it until a fix is released and installed. Two-factor authentication requires a second step, such as a one-time code or a physical security key, in addition to a password. AI can speed up vulnerability discovery and exploit development by automating the search and testing process.
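The article does not describe how the blocked operation intended to defeat 2FA, so the following is not a reconstruction of it. It is an added illustration, written for this page and not taken from Google's report, of the general point behind the hardware-key recommendation above: a standard RFC 6238 time-based one-time code can be relayed by a real-time phishing page and will still verify at the real site, whereas an origin-bound challenge-response in the style of FIDO2/WebAuthn fails when the victim signs for the wrong origin. The secret, the time values and the two origins are constructed for the example; the HMAC "authenticator" stands in for a real key's signature and is a simplification.

```python
"""Added example: why relayed one-time codes work for a phisher and
origin-bound hardware-key assertions do not. Not code from the page."""
import hashlib
import hmac
import secrets
import struct

# Constructed shared secret (the RFC 6238 Appendix B test secret, so the
# TOTP values below can be checked against the RFC).
TOTP_SECRET = b"12345678901234567890"

REAL_ORIGIN = "https://accounts.example.com"          # constructed
PHISH_ORIGIN = "https://accounts.example-login.net"   # constructed


def rfc6238_totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP with HMAC-SHA1: the code type a phishing relay can forward."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % 10 ** digits).zfill(digits)


def site_verifies_totp(secret: bytes, code: str, unix_time: int) -> bool:
    """Real site accepts the current step or one step either side (common skew window)."""
    return any(
        hmac.compare_digest(code, rfc6238_totp(secret, unix_time + d))
        for d in (-30, 0, 30)
    )


def totp_relay_phish(secret: bytes, unix_time: int) -> bool:
    """Victim types a valid code into the phishing page; attacker forwards it at once.
    The real site cannot tell where the code was typed, so it verifies."""
    code_typed_into_fake_page = rfc6238_totp(secret, unix_time)
    return site_verifies_totp(secret, code_typed_into_fake_page, unix_time)


def key_sign(key_secret: bytes, challenge: bytes, origin: str) -> bytes:
    """Toy authenticator: signs challenge together with the origin the browser
    actually presented (a real key signs with a per-site private key, but the
    origin binding is the property that matters here)."""
    return hmac.new(key_secret, challenge + origin.encode(), hashlib.sha256).digest()


def site_verifies_assertion(key_secret: bytes, challenge: bytes, response: bytes) -> bool:
    """Real site only accepts a response computed over its own origin."""
    expected = key_sign(key_secret, challenge, REAL_ORIGIN)
    return hmac.compare_digest(expected, response)


def origin_bound_relay_phish(key_secret: bytes) -> bool:
    """Attacker obtains a fresh challenge from the real site and forwards it to the
    victim's browser on the phishing domain. The key signs for PHISH_ORIGIN, so the
    relayed response fails at REAL_ORIGIN."""
    challenge = secrets.token_bytes(32)
    response_from_victim = key_sign(key_secret, challenge, PHISH_ORIGIN)
    return site_verifies_assertion(key_secret, challenge, response_from_victim)


def origin_bound_honest_login(key_secret: bytes) -> bool:
    """Same flow with the victim on the genuine site: verification succeeds."""
    challenge = secrets.token_bytes(32)
    response = key_sign(key_secret, challenge, REAL_ORIGIN)
    return site_verifies_assertion(key_secret, challenge, response)


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    print("TOTP at t=59:", rfc6238_totp(TOTP_SECRET, 59))
    print("TOTP relay phish succeeds:", totp_relay_phish(TOTP_SECRET, 59))
    print("Hardware-key relay phish succeeds:", origin_bound_relay_phish(key))
    print("Hardware-key honest login succeeds:", origin_bound_honest_login(key))
```

The TOTP function is checked against the RFC 6238 Appendix B vectors (time 59 gives 94287082 at eight digits, so 287082 at six). The point of the two relay functions is the contrast: the same attacker posture, a fake page proxying to the real one, defeats one-time codes but not an origin-bound assertion.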

Google published a report outlining these findings.
