Google's Mandiant M-Trends 2026 report documents the first confirmed AI-generated zero-day exploit blocked in production, adversaries achieving exploitation seven days before patches ship, and industrial-scale LLM use in offensive operations.
Google's Mandiant M-Trends 2026 report documents the first confirmed AI-generated zero-day exploit blocked in production, adversaries achieving exploitation seven days before patches ship, and industrial-scale LLM use in offensive operations.
Anthropic analysed 832 accounts banned for malicious cyber activity and mapped 13,873 attacker actions to MITRE ATT&CK — finding that AI is shifting from initial access to post-compromise work, and that medium-to-high-risk actors grew from 33% to 56% in under a year.
Google's Threat Intelligence Group has confirmed the first known case of a nation-state actor using AI to generate a working zero-day exploit used in an active campaign. APT45 — a North Korean state-sponsored group — automated the discovery and validation of a 2FA bypass using thousands of recursive prompts. The exploit code contained forensic markers of AI generation.