Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK: Jeremy Clarkson’s Cotswolds pub targeted in cyber attack
September 7, 2025
Jeremy Clarkson’s pub has become the latest victim of cyber-criminals who managed to steal £27,000 from the establishment. The Farmer’s Dog fell prey to hackers who employed sophisticated methods to infiltrate the accounts of the Cotswolds venue during a recent digital assault. The criminals made off with the substantial sum in an attack reminiscent of those ...
- Columbia University data breach hits 870,000 people
September 6, 2025
Columbia University recently confirmed a major cyberattack that compromised personal, financial, and health-related information tied to students, applicants, and employees. The victims include current and former students, employees, and applicants. Notifications to affected individuals began on August 7 and are continuing on a rolling basis. Columbia, one of the oldest Ivy League universities, discovered the breach ...
- CMS Sitecore patches critical zero-day flaw
September 5, 2025
Popular CMS platform Sitecore has patched a critical zero-day vulnerability found to be being abused in cyberattacks. Security researchers from Mandiant observed threat actors exploiting a zero-day flaw to deploy malware, as well as other legitimate software. The flaw stemmed from the use of sample ASP.NET machine keys published in old deployment guides (pre-2017), and is ...
- Range Rover and Jaguar drivers face lengthy repair delays after cyber attack crippled garages
September 4, 2025
More than a million Range Rover and Jaguar drivers could face huge delays in getting their motors repaired after a devastating cyber-attack crippled Jaguar Land Rover. Bosses at Jaguar Land Rover (JLR) were forced to scramble on Sunday, hastily shutting down global computer systems to protect sensitive information. Efforts are still ongoing to reboot the company’s ...
- Palo Alto Networks becomes the latest to confirm it was hit by Salesloft Drift attack
September 3, 2025
The Salesloft Drift incident is quickly turning into the next MOVEit MFT fiasco, as yet another company confirms losing sensitive data in the third-party attack. This time around, it is the American multinational cybersecurity company Palo Alto Networks that confirmed losing customer data and support cases information in the breach. It all began with the sales ...
- Google warns Gmail users to change passwords after data breach
September 3, 2025
Google is warning about 2.5 billion Gmail users to change their passwords or install a passkey following a data breach that has led to a surge in “phishing” email attacks. The data breach that prompted the warning reportedly happened at a Salesforce database that Google uses internally. The compromised information included basic business contact information such ...