Descriptions:
Matthew Berman breaks down what he describes as a genuine turning point in AI-enabled cybercrime, covering several concurrent threats that are converging in early 2026. The video opens with Google’s Threat Intelligence Group confirming the first known instance of a threat actor using an AI-developed zero-day exploit in the wild — a significant milestone given that zero-days are typically hoarded and deployed in coordinated mass attacks rather than expended individually.
The second major incident is the Shy Halud worm, an active npm supply chain attack that plants a watcher on compromised machines and triggers destructive payloads if a stolen GitHub token is revoked. At the time of the video, the worm had expanded to 373 malicious package versions across 169 npm package names — including high-profile projects tied to UiPath and Mistral — and had crossed from npm into PyPI. Berman connects this to credentials stolen in earlier Team PCP attacks that most teams have not yet rotated.
Berman argues that AI is amplifying both sides of this threat landscape: more code is being written faster (including by non-technical vibe coders who don’t review what their agents install), while attackers are using AI as a high-speed research assistant and exploiting AI development environments as initial access vectors. He also covers AI-enhanced phishing and deepfakes, and references Pinrop Security’s work on detection. The video closes with a discussion of whether this strengthens or weakens the case for open-source models and Anthropic’s decision not to release its Mythos model.
📺 Source: Matthew Berman · Published May 13, 2026
🏷️ Format: News Analysis
