Everyone's getting hacked

· Source: Matthew Berman · Field: Technology & Digital — Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, extended

Summary

AI-powered cyber threats are rapidly escalating, with Google's threat intelligence group detecting the first AI-discovered zero-day exploit and the widespread "Shai-Hulud" npm worm. This surge is attributed to AI accelerating code generation, increasing attack surface, and enabling easier development of sophisticated hacking tools and polymorphic malware. Major incidents, such as the Vercel security breach in April 2026, have been explicitly linked to AI acceleration. While frontier models like GPT 5.5 Cyber and Anthropic's Mythos are being developed for cyber defense, often with strong guardrails, open-source AI models, despite being less powerful, enable malicious actors to conduct a higher volume of lower-value attacks, making them economically viable. The prevailing defense strategy posits that superior AI models, backed by national resources, will ultimately prevail in defense against weaker, less resourced adversarial AI.

Key takeaway

For CTOs and security leaders evaluating their cyber defense posture, the increasing sophistication and volume of AI-powered attacks necessitate a proactive "AI vs. AI" strategy. You should prioritize investing in advanced AI-driven security solutions and hardening critical systems with frontier models, recognizing that while state-level actors may wield the most powerful AI, open-source models enable a long tail of economically viable, high-volume attacks against less protected targets. Consider implementing robust supply chain security and employee training against AI-enhanced social engineering.

Key insights

AI is rapidly accelerating both cyber attack capabilities and defensive measures, creating an "AI vs. AI" security paradigm.

Method

Google's GTIG tracks AI-enabled operations, from vulnerability exploitation to augmented operations and initial access, using insights from Mandiant and Gemini to highlight AI's dual role as both an attack engine and a target.

Best for: CTO, VP of Engineering/Data, Investor, AI Security Engineer, Director of AI/ML, Policy Maker

Editorial summary, takeaway, and curation by AIssential. Original article published by Matthew Berman.