AI Accelerates Cyber Attacks, But Will Patch Them All
Matthew Bermango watch the original →
the gist
AI empowers hackers with zero-day exploits, worms, and evasion tools, but superior defensive AI and economic barriers will expose and eliminate most vulnerabilities within 2-3 years.
AI's Dual Role in Cyber Offense and Defense
Matthew Berman warns that AI has made cybercrimes easier and more profitable, citing Google's detection of the first AI-discovered zero-day exploit used in the wild by a threat actor. This exploit targeted live systems before patches existed, with attackers planning mass deployment but thwarted by Google's proactive AI counter-discovery. Berman emphasizes AI's superiority for vulnerability hunting: it scans code 24/7, understands patterns better than humans, and thrives on public open-source repos. However, frontier models like GPT-5.5 Cyber and unreleased Mythos have strong guardrails blocking malicious use, forcing attackers to distilled, open-source alternatives run locally at near-zero cost.
Defensive AI mirrors this: Google's Threat Intelligence Group (GTIG) uses models like Gemini for threat tracking, while models like Mythos proactively patch flaws. Nvidia CEO Jensen Huang frames it as "my AI versus your AI," where better-resourced good-guy AI prevails due to massive compute needs—billions in data centers, electricity, and talent create economic disincentives for criminals, except state actors like China and North Korea.
"GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI." — Google Threat Intelligence Group, highlighting the first real-world AI-generated exploit, which underscores AI's edge in churning through codebases tirelessly.
"We believe the attacking group to be highly sophisticated and I strongly suspect significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel." — Guillermo Rauch, Vercel CEO, on the April 2026 breach via a compromised AI platform (Context.ai), where attackers rapidly pivoted internally.
Supply Chain Attacks Explode with Vibe Coding
AI-driven coding booms—more code from agents, less review—expands attack surfaces. The Shy Halud worm exemplifies this: starting as an npm supply chain attack with a dead man's switch (nukes home dir on GitHub token revocation), it spread to 373 malicious packages across 169 names (Tanstack, Mistral, UiPath, etc.), then PyPI. Team PCP attacks stole credentials unrotated by many teams, fueling worms that infiltrate AI/coding environments for ransomware pivots.
Attackers leverage AI for polymorphic malware, obfuscation networks, autonomous agent harnesses (like /goal in Codex, running indefinitely), and high-speed research. Distillation hacking evades limits via anonymized premium access, trial abuse, and middleware. Berman admits guilt in "vibe coding" without reviews but notes his low-stakes personal use; scaled products amplify risks.
"Far more code is being written... Far more people are vibe coding without reviewing what their agents install." — Berman, explaining why supply chain volume surges, as AI lowers barriers for both devs and hackers to spin up tools.
State Actors and Broader Threats
China- and North Korea-linked groups show heavy AI interest in exploits. Phishing evolves to deepfakes; Berman recounts Pinrop Security's warnings and advises code phrases for family (e.g., against fake jailbail scams). AI augments evasion: decoy logic, proxy networks. Google notes industrial-scale genAI in adversarial workflows, targeting AI deps per Secure AI Framework.
Vercel notified law enforcement despite their limited tech savvy, praising their transparency. Berman critiques: sophistication gaps hinder response.
"AI is not creating these vulnerabilities... it is just accelerating the discovery of these vulnerabilities." — Berman, countering blame on AI, stressing human-coded flaws pre-exist; AI merely speeds exposure.
Tipping Point: Vulnerability Apocalypse to AI-Patched Future
Berman predicts a 2-3 year horizon: AI exposes all flaws, then AI-written software (bug-free) emerges post-patching frenzy. Counterarguments like poisoned weights exist but pale against acceleration. Open-source vulnerability aids discovery but enables fixes; closed-source black boxes resist but lag.
Economic edge favors defenders: U.S. ecosystem monetizes via token sales. Malicious actors lag without scale, relying on cheaper, guardrail-free models.
"Soon every piece of software in the world will have their vulnerabilities exposed and then shortly after no software will have vulnerabilities." — Berman, forecasting the post-exposure era where AI dev eliminates flaws, based on recent 6-month leaps.
Key Takeaways
- Review AI-generated code installs rigorously; vibe coding scales risks exponentially.
- Use code phrases with family to counter deepfake phishing.
- Prioritize open-source models locally for agents, but secure infra (e.g., Genspark Claw for hosted OpenClaw).
- Expect AI-patched software dominance in 2-3 years; hoard zero-days now lose value fast.
- Bet on defensive AI: economic moats ensure good-guy models outpace criminal ones, except states.
- Rotate credentials post-attacks like Team PCP; monitor npm/PyPI for worms like Shy Halud.
- Frontier guardrails block misuse; attackers distill weaker models for scale.
- Transparency like Vercel's builds trust; notify experts early.
- AI accelerates both attack discovery and patching—net positive long-term.