AI Hackers Caught Mid-Heist: Will Machines Steal Your Crypto Next?

Google’s Threat Intelligence Group, that paragon of vigilance, recently intercepted a criminal cabal attempting to deploy an AI-crafted zero-day exploit, a feat so audacious it might have made a Victorian burglar blush. The attack, thwarted before it could unleash chaos, marks the dawn of a new era where machines conspire to outwit their creators.

In this brave new world, malevolent code is now penned by large language models, weaving through the digital landscape like a particularly sly fox in a henhouse. Defenders, armed with their own AI hunters, now scurry to keep pace, their efforts resembling a game of chess played by automatons with a penchant for sabotage.

How the AI Zero-Day Exploit Worked

The nefarious Python script, a marvel of digital subterfuge, managed to bypass two-factor authentication on an open-source system administration tool. Google, ever the mysterious oracle, has chosen not to name the vendor, a decision as perplexing as it is prudent.

The Google Threat Intelligence Group has detected the first known instance of a threat actor using an AI-developed zero-day exploit in the wild. While the attackers planned a wide-scale strike, our proactive counter-discovery may have prevented that from happening. This finding…

– News from Google (@NewsFromGoogle) May 12, 2026


Telltale signs of an AI author abounded: the script boasted tutorial-style docstrings and a CVSS score so absurdly fabricated it could only have been dreamed up by an algorithm with a flair for the theatrical. Human researchers, it seems, lack the imagination to concoct such nonsense.
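The two tells named above (tutorial-style docstrings and an implausible CVSS score) can be checked statically when triaging a recovered Python sample. This is an added example, not code from Google's report: the `triage` function, the marker list and the sample script are assumptions constructed for illustration, and the signals are heuristics rather than proof of authorship.

```python
import ast
import re

# Assumed heuristic markers of tutorial-style docstrings; tune for your corpus.
TUTORIAL = re.compile(r"^\s*(Args|Returns|Raises|Example|Usage|Step \d+)\b", re.I | re.M)
# A score claimed in text, e.g. "CVSS Score: 9.8" or "CVSS v3.1 base score = 9.8".
CVSS_CLAIM = re.compile(
    r"CVSS(?:\s*v?\d\.\d)?\s*(?:base\s+)?score\s*[:=]?\s*(\d{1,3}(?:\.\d+)?)", re.I)

def triage(source: str) -> dict:
    """Return authorship-style signals for a Python sample without executing it."""
    tree = ast.parse(source)  # static parse only
    scopes = [n for n in ast.walk(tree) if isinstance(
        n, (ast.Module, ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))]
    docs = [ast.get_docstring(n) or "" for n in scopes]
    claims = [m.group(1) for m in CVSS_CLAIM.finditer(source)]
    # CVSS base scores run from 0.0 to 10.0 with one decimal place.
    invalid = [s for s in claims
               if float(s) > 10.0 or len(s.partition(".")[2]) > 1]
    return {
        "docstring_coverage": sum(1 for d in docs if d) / len(scopes),
        "tutorial_docstrings": sum(1 for d in docs if TUTORIAL.search(d)),
        "cvss_claims": claims,
        "invalid_cvss": invalid,
    }

# Constructed, inert sample: it contains no exploit logic.
SAMPLE = '''"""
Demo tool (constructed sample).

CVSS Score: 11.5 (Critical)
"""

def connect(host):
    """Open a session.

    Args:
        host: name of the host.
    Returns:
        None
    """
    return None

def helper(x):
    return x
'''

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A score that is well-formed can still be invented, so treat any self-assigned CVSS claim in an unattributed script as a prompt for closer review rather than as a verdict.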

Google assures us their Gemini model is innocent of these machinations. John Hultquist, GTIG’s chief analyst, warned that subtler AI-assisted intrusions may already be in motion, undetected, a claim as ominous as it is inevitable.

“Each new generation of models will reduce the need for expert-developed harnesses, but they are almost certainly out there. We have to recognize the limits of our visibility into the backend of spies and criminals. The signs won’t be obvious. The race has started already,” he said.

Defenders Push Back

The report also flagged Russian-linked malware families PROMPTFLUX and PROMPTSPY, an Android backdoor that pings Gemini in real time to plan its next action. State-linked Chinese and North Korean operations, in a spirit of international camaraderie, are training private models on a dataset of 85,000 vulnerabilities.

Google, ever the innovator, has countered with Big Sleep, an AI agent that hunts zero-days before attackers can find them, and CodeMender, an automated patching system. Big Sleep has already closed a flaw that hackers were preparing to weaponize, a feat akin to a watchdog catching its own tail.

Why Crypto Should Watch

The gap between attack and defense sharpens with each passing day. Binance Research recently found that AI agents exploit smart contracts twice as well as they detect threats. Earlier reporting revealed how Google AI tools can help scammers drain wallets, while a fresh Chrome flaw recently exposed private keys, because nothing says “trust” like your browser betraying you in the dead of night.

Exchanges, now deploying their own AI shields, find themselves in a Sisyphean struggle. The bar keeps climbing, but perhaps the real tragedy is that the machines are better at climbing than we are.

When AI hits security there will be signs

– Kevin Kwok (@kevinakwok) April 30, 2026

With both sides now fielding autonomous agents, the next zero-day may surface from a machine on either bench. One can only hope the machines remember to leave us a few crumbs of security, or at least a decent Wi-Fi password.


2026-05-12 18:55