Researchers Discover Security Vulnerability in Google AI Chatbot

Artifical Intellegence , Tuesday, 07 July 2026
Posted by Rima Dwi Astuti

Artificial intelligence (AI) is no longer just a tool to improve productivity. It is now also being used by cybercriminals to find and exploit software vulnerabilities.

On May 11, 2026, Google’s Threat Intelligence Group (GTIG) revealed the first confirmed case of a hacker using an AI model to discover a zero-day vulnerability and create a working exploit.

A zero-day vulnerability is a software flaw that is unknown to the developer, meaning no security patch is available. In the past, finding these flaws usually required highly skilled security researchers.

AI helped find and exploit the vulnerability

The attack targeted a Python script used in a popular open-source system administration tool. The vulnerability allowed attackers to bypass two-factor authentication (2FA).

Google said it has high confidence that an AI model played a key role in discovering the flaw and writing the exploit. The conclusion was based on the code structure, comments, and other technical evidence found in the attack.

However, Google clarified that the AI model used by the attackers was not Gemini, its own AI chatbot.

The company also confirmed that the planned large-scale attack was stopped before it could be widely carried out.

Gemini had separate security issues

Although Gemini was not involved in this attack, Google’s AI chatbot has faced its own security problems.

In September 2025, cybersecurity firm Tenable found three vulnerabilities in Gemini that could have allowed sensitive user data to be stolen under certain conditions. Google later fixed those issues.

In March 2026, Palo Alto Networks also reported a high-severity security flaw, tracked as CVE-2026-0628, affecting the Gemini side panel in the Chrome browser. The vulnerability could have allowed attackers to gain higher system privileges.

To strengthen AI security, Google expanded its AI Vulnerability Reward Program in October 2025, offering rewards to researchers who discover and report AI-related security flaws.

No direct impact on crypto

So far, there is no evidence that these incidents have directly affected the cryptocurrency market. No blockchain network, crypto protocol, or digital asset was targeted.

However, the exploit involved bypassing two-factor authentication (2FA), which is a key security feature used by most centralized cryptocurrency exchanges. The incident highlights the growing cybersecurity risks as AI becomes more advanced.

Supported by
DepoCrypto.com © 2023