Tony Anscombe's May 2026 Roundup: AI-Generated Zero-Day, Critical Infrastructure Attacks, and Failed AI-Directed Attacks

In his May 2026 roundup, ESET's Tony Anscombe highlights three major cybersecurity developments: attacks on Polish water treatment facilities, AI-directed attacks that failed in Mexico, and what Google identifies as the first AI-generated zero-day exploit. The video provides technical insight into emerging attack vectors, emphasizing the real-world use of offensive AI and the targeting of critical infrastructure.

The attacks on Polish water treatment facilities underscore the vulnerability of critical infrastructure to cyber threats. While specific details are limited, the incidents highlight the need for robust security measures in water and wastewater systems, which are increasingly targeted by state-sponsored and criminal actors.

In Mexico, AI-directed attacks failed, but the attempt itself signals a worrying trend: threat actors are experimenting with artificial intelligence to automate and enhance their operations. The failure does not diminish the potential for future AI-driven attacks, as the technology continues to evolve.

Perhaps most striking is Google's claim of the first AI-generated zero-day exploit. If confirmed, this would mark a significant milestone in offensive AI, where machine learning models are used to discover and weaponize previously unknown vulnerabilities. This development could lower the barrier for sophisticated attacks, as AI can automate the labor-intensive process of vulnerability research.

The roundup serves as a reminder that the cybersecurity landscape is rapidly changing, with AI playing an increasingly dual role—both as a defensive tool and as an offensive weapon. Organizations must prepare for a future where AI-generated exploits become more common, and critical infrastructure remains a prime target.

For more details, viewers can watch the full video on ESET's WeLiveSecurity platform.