THE report from the Google Threat Intelligence Group (GTIG) discusses the evolving use of AI in cyber threats as of May 2026. It highlights several key trends:
1. **Vulnerability Exploitation**: GTIG identified threat actors using AI to create zero-day exploits, particularly from state-sponsored groups like China and North Korea.
2. **Malware Development**: AI-enhanced tools are facilitating the development of polymorphic malware, boosting adversaries' operational capabilities.
3. **Autonomous Malware**: Tools such as PROMPTSPY demonstrate the rising trend of AI-enabled malware capable of autonomous operation and decision-making.
4. **Information Operations**: Adversaries utilize AI to generate synthetic content, including deepfake media, enhancing their propaganda efforts, exemplified by campaigns like "Operation Overload."
5. **Abuse of AI Models**: Threat actors are seeking unauthorized access to premium AI models, utilizing middleware to bypass restrictions.
6. **Supply Chain Risks**: Attacks targeting AI environments highlight vulnerabilities in AI dependencies, allowing actors to exploit AI systems indirectly.
7. **Proactive Measures by Google**: GTIG emphasizes its commitment to identifying and mitigating these threats through continuous research, product enhancement, and collaboration within the security community to boost defenses against AI-enabled attacks.