Key Highlights
- Google’s GTIG identified the first confirmed AI-developed zero-day exploit — a 2FA bypass on a web administration tool — which was disrupted before it could be deployed in a planned mass exploitation event.
- PRC- and DPRK-linked threat actors are using AI to automate vulnerability discovery at industrial scale, with North Korea’s APT45 sending thousands of recursive prompts to validate proof-of-concept exploits.
- A new autonomous Android malware called PROMPTSPY uses Google’s Gemini API to navigate victim devices, replay authentication gestures, and resist uninstallation — signaling the rise of AI-driven attack orchestration.
Google’s Threat Intelligence Group (GTIG) has identified the first…







