Google said it disrupted a criminal group’s plan to exploit an unknown vulnerability after observing threats actors using AI to prepare an attack, including a bypass of two-factor authentication tied to an administration tool. The company framed the incident as proof that “AI-driven vulnerability and exploitation” is already underway. The warning arrives as higher-ed technology leaders grapple with AI-enabled workflows and elevated cybersecurity requirements across campus systems. It also dovetails with broader concerns that AI can accelerate both defensive scanning and offensive operations, compressing patch timelines. For institutions depending on SaaS platforms and connected infrastructure, the development strengthens the case for tighter vulnerability-management SLAs with vendors, incident runbooks that assume exploitation attempts at scale, and governance controls over AI tools that may touch IT operations.