Article image
SEIKOURI Inc.

AI Found the Door

When attackers use AI to discover vulnerabilities, cybersecurity stops being a tooling problem and becomes an operating-speed problem.

Markus Brinsa 21 May 19, 2026 8 8 min read Download Web Insights Edgefiles™ seikou.AI™

Sources

The Cyber Threat Model Just Changed

For years, most corporate AI conversations treated cybersecurity as a familiar problem with a new accelerator attached. Attackers would write phishing emails faster. Malware authors would clean up code faster. Junior criminals would sound more professional. Security teams would buy better detection tools, add another dashboard, and move on.

That view is now too small.

Google’s Threat Intelligence Group has reported what it describes as the first case in which attackers used AI to discover a previously unknown vulnerability and develop an exploit for it. The planned attack targeted a widely used open-source system administration tool and was apparently stopped before it could become a mass exploitation event. The target was not named. The group was not named. The point does not depend on either name.

The important change is operational. AI is moving from helper to participant.

That does not mean fully autonomous cyberwar has arrived. It does not mean every attacker now has a magic exploit engine. It does mean that the old distinction between “human attacker” and “software tool” is becoming harder to defend. When a model can analyze code, infer a hidden trust assumption, generate exploit logic, revise the attack path, and support scale, the threat model has changed.

For companies, this is not only a cybersecurity issue. It is a governance issue. It changes how boards should think about exposure, how vendors should be evaluated, how banks should stress-test resilience, how infrastructure operators should plan for failure, and how AI access itself becomes a strategic resource.

Faster scripting was never the real story

Most early commentary about AI-enabled cyber risk focused on speed. Attackers could write better phishing emails. They could generate scripts more quickly. They could translate scams into cleaner English. They could automate reconnaissance.

That was true, but incomplete. Speed matters when the underlying activity is already known. A faster phishing campaign is still a phishing campaign. A faster malware variant is still a malware variant. A faster script is still executing an attacker’s chosen idea.

The Google report points to something more serious: AI as a vulnerability-discovery and exploit-development layer. That changes the economics of attack. The scarce resource in advanced cyber operations has traditionally been expertise. Finding subtle flaws, understanding trust assumptions, weaponizing them, and preparing them for scaled use required a mix of skill, time, infrastructure, and discipline.

AI does not eliminate that burden. It compresses parts of it.

The difference is not that attackers can now type faster. The difference is that parts of the reasoning workflow can be delegated. A model can examine patterns at a scale no human team can sustain. It can test hypotheses. It can generate code. It can produce variations. It can help transform a suspicious weakness into an operational path.

That is the shift from assistant to operator.

The first-order risk is the patch window

The most practical consequence is brutally simple: the time between vulnerability discovery and attempted exploitation is shrinking.

Cyber defense has always depended on delay. A flaw is discovered. A vendor investigates. A patch is developed. Customers are notified. Security teams prioritize. Systems are updated. Exceptions are handled. Legacy environments wait. Procurement rules slow deployment. Production risk slows patching. Every company lives inside that delay.

AI-enabled vulnerability discovery attacks the delay itself.

When models become better at finding flaws and generating exploit paths, organizations lose the luxury of slow remediation. This is why financial regulators are becoming visibly uncomfortable. Banks do not only run software. They run trust, liquidity, payment rails, identity systems, counterparties, and operational continuity. A synchronized exploitation campaign against widely used infrastructure can become more than an IT incident.

The same logic applies to hospitals, utilities, logistics providers, telecom networks, cloud services, and public administration. The most exposed organizations may not be the ones with the worst security posture. They may be the ones with the slowest governance around remediation.

A minor vulnerability that once sat in the queue for a quarterly update may no longer deserve quarterly treatment. The question becomes whether the organization can classify, test, approve, and deploy fixes at the speed of the new threat environment. Many cannot.

Vendors now carry a different kind of burden

The Google case also highlights a hard truth about software supply chains. The vulnerability reportedly involved a widely used open-source system administration tool. That detail matters. Attackers do not need to breach every organization directly when they can find weaknesses in shared components, admin tools, identity layers, remote access systems, monitoring systems, developer tools, and management interfaces.

These are attractive targets because they sit close to authority. They often have privileged access. They are trusted by design. They may be deployed across many organizations with uneven patch discipline.

This is where vendor governance becomes more serious than vendor questionnaires.

Companies can no longer treat cyber due diligence as a procurement ritual where suppliers provide certifications, policies, and reassuring language. The relevant questions are operational. How fast does the vendor disclose? How fast can it patch? How does it monitor abuse? What telemetry does it share? What happens when a model-assisted exploit appears before conventional scanning tools detect the pattern? How does the vendor validate trust assumptions inside authentication logic, authorization flows, and administrative paths?

The answer cannot be “we use AI for security.” Everyone will say that.

The useful answer will describe the control environment. It will show how vulnerabilities are found, triaged, tested, disclosed, patched, monitored, and audited. It will explain who has authority to act when exploitability rises faster than the normal release cycle. It will show how critical customers are notified before the press release and after the first patch.

Vendor risk has always been a board issue in theory. AI-enabled exploitation makes it a board issue in practice.

Defensive AI access is becoming strategic

One of the most important parts of the current cyber conversation is the uneven distribution of defensive capability.

Anthropic’s Mythos Preview has been described as capable of finding and exploiting zero-day vulnerabilities in real-world software. Because of the risk, access has been restricted. Defensive programs such as Project Glasswing are intended to help selected organizations find and fix weaknesses. Financial regulators are already worried that some banks and regions may gain access to advanced vulnerability-finding tools before others.

That creates a new strategic question: who gets the defensive AI before attackers get comparable offensive capability?

For large financial institutions, critical infrastructure operators, cloud providers, and major software vendors, access to advanced defensive models may become a material resilience advantage. The organizations that can run high-quality AI-assisted vulnerability discovery against their own systems will be able to close gaps earlier. Those without access may remain dependent on slower vendor cycles, conventional scanners, consultant reports, and incomplete visibility.

This is not a normal tooling preference. It is becoming part of the resilience architecture.

There is also a geopolitical dimension. If frontier vulnerability-discovery capability is concentrated in a few companies, countries, or industry consortia, access becomes power. Regulators will ask whether critical sectors can defend themselves without depending entirely on private model providers. Banks will ask whether restricted access leaves them exposed. Governments will ask whether defensive models should be treated as strategic infrastructure.

Those questions will not stay academic for long.

Runtime cyber governance must become real

The phrase “AI governance” is often used as if it means policy, committee structure, vendor review, acceptable-use rules, and training. Those things matter. They are not enough for this problem.

Cyber governance in an AI-enabled threat environment has to move closer to runtime.

That means controls that operate when systems are being accessed, when code is being deployed, when authentication is being attempted, when privileges are being escalated, when unusual behavior appears, and when patch urgency changes. Governance cannot live only in quarterly reports and annual assessments. The attacker will not wait for the steering committee.

Runtime cyber governance starts with authority boundaries. Which systems can act automatically? Which actions require human approval? Which users and services can access privileged tools? Which AI systems can inspect code, generate exploit simulations, or run security tests? What logs prove that decisions were made correctly? What is blocked by design rather than discouraged by policy?

It also requires faster escalation paths. If a model-assisted exploit targets a shared administrative tool, the company needs a way to cut through normal inertia. Legal, security, operations, vendor management, communications, and executive leadership cannot discover each other during the incident. The coordination model has to exist before the exploit lands.

The companies that treat AI cyber risk as a product-selection problem will buy tools and remain exposed. The companies that treat it as an operating-model problem will redesign authority, escalation, remediation, and evidence. That is the real divide.

The board question has changed

Boards do not need to become exploit developers. They do need to stop asking generic questions.

“Are we using AI in cybersecurity?” is too weak.

A better question is whether the organization can withstand machine-speed vulnerability discovery and exploitation against its most critical systems, suppliers, identity layers, and administrative tools.

That question forces a different conversation. It moves the company away from AI theater and toward operational evidence. It asks whether patch cycles match the threat environment. It asks whether vendor dependencies are mapped by criticality. It asks whether access to defensive AI is available, monitored, and controlled. It asks whether the company can prove which systems are exposed, which compensating controls exist, and who can authorize emergency action.

It also asks whether the organization understands its own AI attack surface. As companies connect AI systems to data, workflows, code repositories, customer systems, developer tools, and operational platforms, they create new paths for abuse. Attackers will not only use AI against companies. They will target the AI systems companies are adopting.

A chatbot connected to nothing is a reputation risk. An agent connected to tools, credentials, documents, and workflows is a security boundary. Many companies still do not treat it that way.

The new discipline is strategic resilience

AI cyber shift cannot be handled as another technology adoption curve. It requires strategic resilience: the ability to understand where capability is moving, where exposure is accumulating, where vendors are becoming critical dependencies, and where governance must be enforced before consequences appear.

That work is not glamorous. It is not solved by a single model, dashboard, policy, or platform. It requires mapping decision rights, technical dependencies, supplier exposure, authority paths, escalation triggers, and evidence standards. It requires asking where AI should be used defensively, where it should be constrained internally, where human approval remains mandatory, and where slow processes have become dangerous.

The companies that get this right will not be the ones that issue the loudest AI strategy statements. They will be the ones that know which systems matter, which vendors matter, which controls are enforceable, which patches cannot wait, and which AI capabilities they must access before their adversaries do.

Google’s report should not be read as a sensational milestone. It should be read as a warning that the operating tempo of cyber risk is changing.

The attacker is no longer only using AI to write better emails. The attacker is beginning to use AI to look for the door.

About the Author

Markus Brinsa is the Founder & CEO of SEIKOURI Inc., an international strategy firm that gives enterprises and investors human-led access to pre-market AI—then converts first looks into rights and rollouts that scale. As an AI Risk & Governance Strategist, he created "Chatbots Behaving Badly," a platform and podcast that investigates AI’s failures, risks, and governance. With over 30 years of experience bridging technology, strategy, and cross-border growth in the U.S. and Europe, Markus partners with executives, investors, and founders to turn early signals into a durable advantage.

©2026 Copyright by Markus Brinsa | SEIKOURI Inc.