AI has enabled the first known zero-day 2FA bypass, where attackers used AI-generated Python scripts to exploit vulnerabilities in web-based administration tools, bypassing two-factor authentication and authenticating with only credentials. This demonstrates how AI acts as a force multiplier for cyberattacks, enabling polymorphic malware that can bypass static detection, prompt injection attacks to jailbreak LLMs, and sophisticated techniques like invisible overlays to prevent malware uninstallation. The security industry is unprepared for these AI-driven threats, which can also capture and replay biometric data, making traditional security measures insufficient against intelligent, automated attacks.
AI Just Broke 2FA (And No One Is Ready)
Two-factor authentication is supposed to be our last line of defense. The thing that keeps attackers out even when they have your password. Now, Google just confirmed that AI was used to break it automatically at scale with no human needed, and the security industry is not ready for what comes next. We got the article on screen here. Hackers used AI to develop the first known zero-day 2FA bypass for mass exploitation. So, essentially what happened here is Google identified that there was some unknown threat actor that was using a zero-day exploit that was likely crafted entirely by an AI, which is something we have not seen before. This is something we've been talking about for a while, that this is probably something that we would see. Now, we actually have seen it. It was kind of vague on the details of exactly what happened. What they do give us: there was a zero-day that allowed them to bypass 2FA. The AI wrote like this Python script that would enable it to do it, and it was against some kind of open source web-based administration tool, though Google doesn't say which one, and they also don't mention which LLM was used, which could be Gemini, right? Maybe they don't want to divulge that information, but who knows, right? So, that's pretty much what we have on this. The other thing that's interesting is this article goes really in-depth on a lot of the other AI-based attacks that we're seeing out there. They're saying like very high likelihood that AI was used to write the exploit, but that's not even 100% confirmed either. Essentially what it says is that in the script that they uncovered, there was a bunch of educational docstrings and even a hallucinated CVSS score, textbook Pythonic format, which is highly characteristic of LLMs' training data, and not necessarily they know for sure that it was written by AI. We see sometimes where it's like, "Oh, it's AI, it's AI, it's AI." And then you find out it's like something completely different, like, "Oh, this part was AI, but this part was not AI, right?"
I don't know if you guys remember this. This was maybe 10 years ago. There's like an Amazon Just Walk Out or something like that, or maybe it was like 8 years ago. Everyone thought that Amazon was using AI in the stores to detect what you picked up off the shelf to just walk out of the store and it would charge you. You put your credit card in and it would charge you automatically. You didn't have to go to a checkout. Everyone thought, "Wow, what an amazing technology." No, it turns out that it was a call center in India that were like watching you through the CCTV cams and seeing what you picked up, and they were charging you. So, it was like a whole team of labor from India was doing that. Could be a case here where it's like they're making it look like AI, but really the exploit was written by a human. I'm not saying that's what I believe or anything. I'm just saying like we don't know, in other words. So, before we fly off the handles on this.
If you're learning cybersecurity right now and you're trying to position yourself cuz you see the opportunity in the market and you just want a little bit of help and guidance to streamline that process, check out the link in the description below. Let's hop on a call and figure out a game plan for you.
Here's where things get pretty interesting, where they start talking about different AI-based attacks that they're seeing out there in the wild. So, they describe AI as acting as a force multiplier for vulnerability disclosure and abuse. So, we already have talked many times on this channel about things like polymorphic malware, where the malware can use AI, cuz remember AI is non-deterministic, meaning that the same input might result in a completely different output. Compare that to something like traditional code where it is deterministic. Same input always equals same output with traditional code. So, this polymorphic aspect of it can allow it to bypass things like static detection, and that's where the polymorphic stuff comes into play. PromptSpy, this one is absolutely crazy to me. It's essentially an Android malware that abuses Gemini. So, this one is confirmed abusing Gemini to analyze your screen and provide it with instructions to pin the malicious app in the recents app list. They have like screen watching software and it's using Gemini to dynamically make decisions based on what you have up on your screen. That to me is insane.
That's one of the good use cases even in automation, right? Your traditional workflow automation with something like an n8n or something like that. Well, traditionally it was just do this, do this, do this, very, you know, deterministic, very programmatic. Now, when you throw AI into those automations, it can take the output from the previous tool as input, do some reasoning, and then decide where to go next. So, this is kind of the malicious version of that. But, here you can see everything kind of diagrammed out. You got your threat actor leveraging an AI.
And that's the thing, you might be wondering, wait, how did he use Gemini? How are they using these big AI tools? Don't they have guardrails in place? Don't they have like security around their AIs? Like, I tried to ask it for hacking, it wouldn't help me. One of the biggest things is something called prompt injection. Prompt injection is a security issue that is inherent to how this technology works. Meaning that there is no catch-all solution to preventing prompt injection. But, if a prompt injection is, you know, executed against an LLM, then you can do things like jailbreaking it or get it to do more or less whatever you want. This is something that most definitely these APTs are taking advantage of, and probably quite easily, to be honest with you. But, yeah, that's how they're able to leverage these commercial AIs. And so, here in the case of like maybe Gemini or whatever they used, they were then able to identify a zero-day vulnerability. Here's the significance of this. Not only did it identify it, but they were also able to allegedly use it to write the exploit as well. So, if that is true, that is pretty insane. And that exploit allowed them to bypass two-factor authentication and authenticate straight in. The only thing that was needed was credentials. That was it.
Another crazy thing is not only did it, you know, use AI to dynamically take actions on your phone, but you could also capture biometric data. This is why I have said many times on this channel not to use biometrics unless you really, really trust your device, really trust what you're using. Reason is, if someone hacks your password or your PIN code, oh man, that sucks. That's annoying. Now you got to change your passcode and your PIN code. If someone hacks your biometric data, there is no recourse. You can't, like, change your... barring some crazy surgery, you can't really change that, right? This is something we've seen many times. Governments have been hacked. Their databases have been hacked before that stored biometric data. Unfortunately, when it comes to certain things like immigration at different countries where they scan your biometric data, I think they're even doing that in the US now. You kind of have to deal with it. It sucks, but yeah, they can and very well might be hacked in the future. But just understand, anytime you give away biometric data, this is something that is a little bit extra risk. In this case, they were able to capture your biometric data from your phone and then replay it to authenticate against things like your lock screen if you use biometric data to unlock your phone. They have the biometric data, they can just unlock it at will. And yeah, fully compromise your device. Now here's the other interesting thing on top of that.
It was capable of preventing uninstallation by making use of app protection detector. So basically it wrote some overlay, an invisible overlay on top of the uninstall button. So every time you tried to click it, you were clicking the overlay not the button. So like from the user's perspective, it just seemed like the button was like unresponsive. So you essentially couldn't delete it by normal means.
So yeah, really sophisticated stuff here.
I mean I guess that's not too sophisticated, but creative, interesting.
Now we're here as well. You can read more about this. I'll link this article down in the description as well if you guys are interested in deep diving into this. I would definitely recommend you give it a full read cuz there's a lot of really interesting stuff at play here.
Yeah, another thing is with their C2 server, they you know, they had like Gemini API keys. I guess they probably hosted this maybe in like Google's Cloud or whatever and they had a VNC relay server that could be updated dynamically via the C2 channel. That way if they were detected by defensive countermeasures, they had a backdoor to maintain presence even if they're blocked by defenders.
But here's some little highlights here that I thought were pretty interesting. So China-nexus espionage group dubbed UNC2814 prompted Gemini by asking it to assume the role of a network security expert to trigger persona-driven in supports vulnerability research into embedded device targets including like a TP-Link, I guess like a router or something. Right? And so this goes exactly back to what I was talking about with they're able to jailbreak it pretty easily. One of the best ways to do prompt injection is things like, hey, assume, you know, pretend you're this person or that person, right? So assume the role of a network security expert, right? A lot of times you can bypass these triggers. Maybe some of you guys, sound off in the comments if any of you guys have been using AI for your learning and you got blocked by one of the guardrails and then you just said, hey, I'm a security researcher, you know, testing something in my home lab, and then it's like, okay, yeah, here you go, then you can use this. So yeah, sometimes it could be really trivial to bypass some of these. It really depends.
I mean, yeah, North Korean threat actor known as APT45 sent thousands of repetitive prompts that recursively analyze different CVEs and validate proof-of-concept exploits. Now why is this relevant? Well, if you do something what is called fine-tuning a model, you can take one of these base models and feed in a bunch of data specific to what you're trying to use the AI for, and you can get it to be really good at one task. Now here's the caveat to that. When you do this fine-tuning, essentially, you make it really good at one task, but it gets worse at general purpose tasks. This is the reason that the general purpose AIs, like if you just off the shelf use Gemini or Claude or ChatGPT, it's pretty good across the board, but it falls short when you're trying to do very, like, specific things with a high level of accuracy and detail and stuff like that. So that would be a use case we'd want to fine-tune a model to do something really specific, like in this case vulnerability research. It's going to get worse in general purpose tasks, but you're not going to use it for general purpose. You'll just use the base model for that, and the fine-tuned version is what you're going to use for like your specific use case. So that's kind of what they're doing. They basically fed it in a bunch of proof of concepts for different CVEs so it learned, cuz that's the thing about AI, it's self-learning, right? So that allowed it to better write exploits and things like that.
So then there's a Chinese hacking group, APT27, that leveraged Gemini to speed up the development of fleet management application with the aim likely to manage an operational relay box (ORB) network, and a cluster of Russia-nexus intrusion activity targeted Ukrainian organizations, delivered AI-enabled malware. These ones here, which used LLM-generated decoy code to conceal malicious functionality. Yeah, a lot of times there were things that, you know, you wanted to have a lot of decoy code and benign code, because if you just had the exploit it was a lot easier to detect, but if you had like tons of lines of benign stuff, a little bit easier to fly under the radar. Now, before, you had to do that in a more manual way; now you can use AI to really speed that up. But yeah, here they go into what I was just talking about: priming the model with vulnerability data facilitates in-context learning to steer the model to approach code analysis like a seasoned expert and identify logic flaws that the base model might otherwise fail to prioritize. Here's the thing as well, the logic flaw part is really huge with AI. This is one of the big developments, you know, we've had vulnerability scanners for a long time.
We've had these scanners that go out and try to find security issues in your application. We've been doing that forever. But one of the biggest limitations on them, we always said like, okay, it's really good at finding certain types of bugs, other bugs it basically cannot find. Things like logic flaws, business logic flaws, all that stuff. It pretty much couldn't find that. But with AI, it's actually really good at finding these logic flaws, and a lot of times humans are actually pretty bad at finding them as well. So, this is one really good use case of AI, you know, one of the things it excels at is finding these types of flaws. Now, before you run off and say, "Okay, well, now we're completely cooked. There's not going to be any cybersecurity jobs anymore." Understand that there's also some bugs that require a pretty deep knowledge of either the application or like the entire internal environment to be able to uncover, cuz they're very nuanced bugs like that. AI is not really going to be able to find them because they're going to require so much context in order to be able to spot it as an issue. Now, you could argue, "Well, they'll just feed context to the AI." Well, okay. At a certain point, if you have one tool, one singular tool, AI or not, that knows every single thing about your organization and is privy to all the information to the level that no singular employee would ever have, well, that right there is a security issue, right? So, either way, there's still going to be a need for this stuff. But that is one thing you guys might want to consider if you're doing pen testing, you're looking to maybe implement some AI into your workflow. It's really good at finding these logic flaws traditional tooling was not good at finding.
But yeah, they go on to explain some different stats here and showing you kind of how China and different threat actors or in China and stuff are using it. But yeah, what do you guys think about this down below? We're really entering an interesting time in cybersecurity. So, if you want to keep upskilling yourself in the AI space and learn more about the prompt injection attacks that I was talking about, check out the video series down in the description below where we deep dive into prompt injection and go through an entire, I think, like eight-exercise lab on that to get your hands-on practice there.