Google: A China and Korea-Linked AI Zero-Day Exploit
Google Detects a Zero-Day Exploit Developed by AI
Google recently announced that it has identified a zero-day exploit developed with the help of a large language model (LLM), marking a first in the field of cybersecurity. This exploit allows attackers to bypass two-factor authentication (2FA) by exploiting a logic flaw in the authentication system, a more subtle and harder-to-detect weakness than traditional technical bugs.
Involvement of China and North Korea
Google's report highlights that hacker groups associated with China and North Korea are beginning to integrate AI into their attack operations. This evolution represents a new stage in the use of advanced technologies to conduct cyberattacks.
Technical Details of the Exploit
A group of cybercriminals used AI to develop a zero-day exploit capable of bypassing the 2FA of an open-source web-based system administration tool. This exploit was integrated into a Python script, illustrating the growing use of AI in cybercriminal attacks.
Nature of Zero-Day Exploits
Zero-day exploits target vulnerabilities that have not yet been discovered by software vendors, allowing hackers to carry out attacks before a patch is released. In other words, the vendor has "zero days" to respond to the discovery of the flaw.
AI as a New Tool for Hackers
Traditionally, zero-day exploits were discovered by specialized researchers. Google indicates that, until now, no documented case had shown the direct involvement of an LLM in the development of a zero-day exploit observed during an attack. Although the hacker group and the targeted tool were not named, Google collaborated with the relevant vendor to prevent widespread exploitation of the flaw.
Characteristics of AI-Generated Code
Google identified several telltale signs of AI-generated code, such as verbose documentation, a falsified CVSS score, and a well-structured Python script with detailed help menus.
Bypassing Two-Factor Authentication
The flaw exploited relies on an error in the logic of the authentication system, rather than a classic technical bug. The application considered a user with valid credentials to be trustworthy, thus allowing the bypass of 2FA in certain cases. This type of vulnerability is difficult to detect with traditional security tools, as the code functions as intended. Language models can analyze the logic of a program and identify inconsistencies that open exploitable vulnerabilities.
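A constructed illustration of this class of logic flaw, added here and not taken from Google's report or from the affected tool, which the report does not name. The session fields, function names and audit events are assumptions; the detection helper also assumes every account has 2FA enrolled.

```python
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    password_ok: bool = False   # step 1: credentials verified
    mfa_enrolled: bool = False  # account has a second factor configured
    mfa_ok: bool = False        # step 2: second factor verified

def gate_flawed(s: Session) -> bool:
    # Logic flaw: valid credentials alone are treated as full trust,
    # so a session that never completed step 2 is still let through.
    return s.password_ok

def gate_hardened(s: Session) -> bool:
    # Every required step is checked server-side on each request.
    if not s.password_ok:
        return False
    return s.mfa_ok or not s.mfa_enrolled

# Constructed audit events (session id, event), in time order.
EVENTS = [
    ("s1", "password_ok"), ("s1", "mfa_verified"), ("s1", "access:/admin"),
    ("s2", "password_ok"), ("s2", "access:/admin"),
    ("s3", "password_ok"), ("s3", "mfa_verified"),
]

def sessions_missing_mfa(events):
    """Return session ids that accessed a resource before any mfa_verified event."""
    verified, flagged = set(), []
    for sid, event in events:
        if event == "mfa_verified":
            verified.add(sid)
        elif event.startswith("access:") and sid not in verified and sid not in flagged:
            flagged.append(sid)
    return flagged

if __name__ == "__main__":
    half = Session("alice", password_ok=True, mfa_enrolled=True)
    print("flawed gate admits password-only session:", gate_flawed(half))
    print("hardened gate admits password-only session:", gate_hardened(half))
    print("sessions to review:", sessions_missing_mfa(EVENTS))
```

Both gates run without error, which is why scanners that look for crashes or unsafe calls miss this class; a regression test on the intermediate login state and an audit query like the one above are what surface it.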
Conclusion
This report from Google underscores that it is the first time a successful use of AI to develop a zero-day exploit has been documented. It also highlights how groups linked to states like China and North Korea are already integrating AI into their attack tools, making AI essential in increasingly sophisticated attack chains.