{"id":18427,"date":"2026-05-14T10:10:38","date_gmt":"2026-05-14T08:10:38","guid":{"rendered":"https:\/\/haimagazine.com\/uncategorized\/the-illusion-of-a-digital-fortress-how-the-foundations-of-security-crumbled\/"},"modified":"2026-05-14T14:45:46","modified_gmt":"2026-05-14T12:45:46","slug":"the-illusion-of-a-digital-fortress-how-the-foundations-of-security-crumbled","status":"publish","type":"post","link":"https:\/\/haimagazine.com\/en\/hai-premium-2\/the-illusion-of-a-digital-fortress-how-the-foundations-of-security-crumbled\/","title":{"rendered":"\ud83d\udd12 The illusion of a digital fortress. How the foundations of security crumbled"},"content":{"rendered":"

A report published in May 2026 by Google Threat Intelligence Group<\/a><\/mark> (GTIG) puts a definitive end to the era of theoretical discussions about the future of online security. For the first time, researchers documented a case in which an active criminal group used a language model to plan and carry out a successful attack. The system created a fully functional exploit program that exploited a zero-day vulnerability\u2014that is, a software flaw that nobody previously knew about and for which no patch yet exists. Moreover, the target wasn’t a trivial bug in code but the foundation of today\u2019s digital trust\u2014the two-factor authentication (2FA) mechanism, a popular system that, in addition to a password, requires an additional code from an SMS or an app.<\/p>

The model carried out work that until now required weeks of painstaking analysis by highly skilled engineers. As summarized by John Hultquist, GTIG’s chief analyst:<\/a><\/mark> “It’s already here. The era of AI-driven vulnerability discovery and exploitation has just arrived.”<\/p>

This incident is direct evidence that AI is no longer just an assistant helping to write phishing messages. It’s taken on the role of an engineer, capable of independently detecting and exploiting complex logic flaws.<\/p>

Just a few weeks earlier, the tech industry was shaken by Anthropic\u2019s decision to suspend the public launch of its latest model called Claude Mythos <\/a><\/mark>. It was argued that the tool exhibits overly dangerous capabilities for finding vulnerabilities in systems. Many analysts saw this as nothing more than a marketing ploy and an exercise in fear-mongering. On May 12, OpenAI officially launched the new platform Daybreak<\/a><\/mark>, built on dedicated GPT-5.5 models. This showed that AI\u2019s analytical capabilities in offense and defense are not the preserve of a single corporation, but a new market standard. Google\u2019s reports demonstrate that this standard is already being actively and effectively used by criminals.<\/p>

How does the machine work?<\/strong><\/h4>

To fully grasp the significance of this discovery, one must understand the difference between traditional vulnerability scanners and a modern generative model. Conventional scanners looked in the code for known patterns, typos or common technical errors, such as poorly secured form fields. However, they were blind to the broader context.<\/p>

The system used in the documented attack demonstrated a completely different level of analysis. It didn\u2019t look for an error in the syntax itself, but “understood” the system\u2019s architecture and the intentions of the person who programmed it. It analyzed the intricate logic of two-step login and noticed that deep in the code there were contradictions concerning exceptions, for example how the system treats trusted devices. What it uncovered is what experts call a semantic vulnerability: the flaw wasn\u2019t that the code was poorly written, but that the very logic of the system\u2019s operation contained an internal contradiction. The model exploited it to create a digital skeleton key and completely bypass authorization.<\/p>

How can analysts be sure that this attack was programmed by a machine rather than by an exceptionally talented human? It was given away by digital \u201cfingerprints\u201d<\/a><\/mark>. The script was written like a textbook example: perfectly formatted, with extensive comments and a helpful navigation menu. Human exploit authors write code concisely and focus solely on the objective. This one looked like a piece of training material. It was also betrayed by a hallucination characteristic of language models: the documentation referred to a non-existent score in the CVSS threat assessment system, which the algorithm simply generated so the report would appear to be a professional audit.<\/p>

Industrial-scale threat<\/strong><\/h4>

A single attack on the login system is just the beginning of the problem. According to the GTIG report<\/a><\/mark>, organized, state-sponsored hacking groups with massive budgets have joined the race. Analysts point to two of them, which demonstrate completely different yet equally troubling strategies.<\/p>

The Chinese group UNC2814 focused on bypassing the built-in safety guardrails of the language models themselves. The hackers instructed the system to assume the role of a “senior security auditor.” This allowed the tool to analyze the software of popular home routers, such as TP-Link, without hesitation, looking for previously undiscovered attack vectors. North Korea\u2019s APT45, by contrast, chose a strategy of aggressive automation. Instead of manually searching for new bugs, it built an automated operations arm that sends thousands of repetitive queries that recursively analyze already known vulnerabilities across various systems and verify whether they can be used to break in. In this way, the state intelligence service is building a ready-made arsenal with almost zero involvement from human operators.<\/p>

New rules of the game<\/strong><\/h4>

For years, when a vulnerability was discovered, companies had days or weeks to create and deploy an update before hackers learned to exploit it. Today, thanks to generative models, that window is disappearing. As security researcher Himanshu Anand stated in a comment<\/a><\/mark> published alongside the GTIG report: “When 10 unrelated researchers find the same bug in 6 weeks, and AI can turn a patch diff into a working exploit in 30 minutes, what exactly is the 90 day window protecting? Nothing.”<\/p>

Experts call this phenomenon Machine Speed. Algorithms strike in fractions of a second. Although today\u2019s security systems also use artificial intelligence to detect threats, a human still most often sits at the end of the decision chain. An analyst who must manually review a generated alert and approve the response loses the race to a fully autonomous attacking algorithm before they even have time to make a decision. The GTIG report is proof that cyber defense can no longer merely “lean on” artificial intelligence under human supervision\u2014it must become equally autonomous. As Hultquist noted<\/a><\/mark>: “Threats operating at machine speed require something more than human-speed defense.”<\/p>","protected":false},"excerpt":{"rendered":"

Artificial intelligence can already independently bypass two-step verification and generate attacks in fractions of a second. We’ve entered the Machine Speed era, in which even the most advanced defense systems are doomed to fail if a human still has to be at the end of the decision chain.<\/p>\n","protected":false},"author":465,"featured_media":18414,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"rank_math_lock_modified_date":false,"footnotes":""},"categories":[832,796,837],"tags":[],"popular":[],"difficulty-level":[38],"ppma_author":[892],"class_list":["post-18427","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-editors-picks","category-hai-premium-2","category-safety-2","difficulty-level-medium"],"acf":[],"authors":[{"term_id":892,"user_id":465,"is_guest":0,"slug":"kmironczuk","display_name":"Krzysztof Miro\u0144czuk","avatar_url":{"url":"https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/10\/awatar-2.png","url2x":"https:\/\/haimagazine.com\/wp-content\/uploads\/2025\/10\/awatar-2.png"},"first_name":"Krzysztof","last_name":"Miro\u0144czuk","user_url":"","job_title":"","description":"Od lat zajmuj\u0119 si\u0119 nowymi technologiami w biznesie, edukacji i codziennym \u017cyciu. W centrum mojej uwagi pozostaje cz\u0142owiek \u2013 i to, by technologia wyr\u00f3wnywa\u0142a szanse, zamiast tworzy\u0107 bariery."}],"_links":{"self":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/18427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/users\/465"}],"replies":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/comments?post=18427"}],"version-history":[{"count":1,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/18427\/revisions"}],"predecessor-version":[{"id":18428,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/posts\/18427\/revisions\/18428"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/media\/18414"}],"wp:attachment":[{"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/media?parent=18427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/categories?post=18427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/tags?post=18427"},{"taxonomy":"popular","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/popular?post=18427"},{"taxonomy":"difficulty-level","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/difficulty-level?post=18427"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/haimagazine.com\/en\/wp-json\/wp\/v2\/ppma_author?post=18427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}