Google's Threat Intelligence Group detected the first confirmed AI-authored zero-day exploit in the wild—a Python script bypassing two-factor authentication in a popular open-source web admin tool, intercepted before criminals could launch a mass exploitation campaign.
Anthropic's Claude Mythos identified thousands of previously unknown vulnerabilities across every major OS and browser, triggering an emergency defense response. The model is restricted to ~40 vetted U.S. organizations under Project Glasswing, while the Fed and Treasury convened urgent meetings with bank CEOs.
PDF remains one of the most reliable delivery systems in computing, and attackers know it. Adobe’s fix for CVE-2026-34621 matters because the bug was already being used in the wild for months before the patch arrived.