AI-Powered Hacking Has Reached Industrial Scale, Google Warns

Google's threat intelligence group issued a stark warning in May 2026: AI-powered hacking has gone from a niche concern to an industrial-scale threat in roughly three months.

John Hultquist, chief analyst at Google's threat intelligence group, said criminal organizations and state-sponsored actors from China, North Korea, and Russia are using commercial AI models, including Gemini, Claude, and OpenAI tools, to speed up attacks, write better malware, and find vulnerabilities faster than human teams can patch them.

One criminal group came close to executing a mass exploitation campaign using a zero-day vulnerability discovered with the help of a large language model. Google said it blocked the attack before it could be launched.

The Guardian reported on the findings on May 11, 2026, describing the shift as a fundamental change in the threat landscape. Defensive teams that relied on human-speed detection are now facing machine-speed attacks.

In response, OpenAI launched a security-focused AI tool called Daybreak, which integrates GPT-5.5-Cyber and Codex Security capabilities. The tool is designed to help organizations find and patch vulnerabilities faster than attackers can exploit them.

Separately, a ransomware group called ShinyHunters breached the Canvas learning management platform, which is used by schools and universities worldwide. The group claimed to have stolen data affecting up to 275 million records. The breach disrupted services during final exam week at multiple institutions.

Security researchers also disclosed a new Linux vulnerability called Dirty Frag, which allows low-privilege users to gain root access. Exploit code has been leaked online, and signs of active exploitation have been detected.