VYPR
Research · Published May 11, 2026 · Updated May 20, 2026 · 1 source

Mandiant: Adversaries Now Use AI for Zero-Day Discovery, Autonomous Malware, and Supply Chain Attacks

Mandiant's 2026 report reveals that threat actors are deploying AI to discover zero-day vulnerabilities, generate polymorphic malware, and automate initial access at industrial scale.

Google Threat Intelligence Group (GTIG) and Mandiant have released a comprehensive report detailing how adversaries are now using artificial intelligence to automate zero-day vulnerability discovery, generate autonomous malware, and scale initial access operations. The findings, published on May 11, 2026, mark a shift from theoretical AI threats to practical, industrial-scale offensive cyber operations, with state-sponsored actors from China, North Korea, and Russia leading the charge.

For the first time, GTIG identified a threat actor using a zero-day exploit believed to have been developed with AI. The criminal group planned to use it in a mass exploitation event, but proactive counter-discovery by Google may have prevented its use. State-sponsored actors associated with the People’s Republic of China (PRC) and the Democratic People's Republic of Korea (DPRK) have also demonstrated significant interest in capitalizing on AI for vulnerability discovery, employing persona-driven jailbreaking and specialized security datasets to augment their workflows.

AI-assisted coding has accelerated adversaries' development of infrastructure suites and polymorphic malware. These AI-enabled development cycles aid defense evasion by making it easier to build obfuscation networks and to embed AI-generated decoy logic in malware, as seen in samples linked to suspected Russia-nexus threat actors. Additionally, AI-enabled malware such as PROMPTSPY signals a shift toward autonomous attack orchestration, where a model interprets the state of the compromised system, generates commands dynamically, and manipulates the victim environment, allowing threat actors to offload operational tasks to AI for scaled and adaptive activity.

Adversaries continue to leverage AI as a high-speed research assistant for attack lifecycle support, while shifting toward agentic workflows to operationalize autonomous attack frameworks. In information operations (IO) campaigns, these tools facilitate the fabrication of digital consensus by generating synthetic media and deepfake content at scale, exemplified by the pro-Russia IO campaign “Operation Overload.” Threat actors also pursue anonymized, premium-tier access to models through professionalized middleware and automated registration pipelines to illicitly bypass usage limits.

Supply chain attacks targeting AI environments and software dependencies have emerged as a key initial access vector. Adversaries like “TeamPCP” (aka UNC6780) have begun targeting AI software dependencies, attempting to pivot from compromised AI software to broader network environments for initial access and to engage in disruptive activities such as ransomware deployment and extortion. These attacks align with risks outlined in Google’s Secure AI Framework (SAIF) taxonomy, specifically Insecure Integrated Component (IIC) and Rogue Actions (RA).

Google emphasizes that it is not standing still. The company employs proactive measures including disabling malicious accounts in Gemini, using AI agents like Big Sleep to identify software vulnerabilities, and leveraging Gemini’s reasoning capabilities via CodeMender to automatically fix them. The report underscores that while attackers are innovating with AI, defenders can also harness the same technology to stay ahead.

Synthesized by Vypr AI