Zero-Day AI
We’re seeing a very specific shift in the security landscape: artificial intelligence is showing up not just in products, but in the raw material of attacks and the raw material of the internet itself.
Start with reporting from The New York Times. Google’s Threat Intelligence Group told the paper it saw a criminal hacking group use AI to help discover and weaponize a previously unknown, “zero-day” software vulnerability—Google says it moved quickly to notify the maintainer so it could be patched, and noted the model involved was not Google’s own Gemini. That matters because it’s a concrete, named example of AI being implicated in the creation of an exploit, not simply the automation of spam or the drafting of phishing emails.
Then, The Verge separately reported on Google intercepting what it described as a zero-day exploit developed with AI assistance—again tied to an attempt to bypass two-factor authentication in an open-source, web-based system administration tool. Google described telltale signs in the exploit code, including things like unusually “textbook” formatting and even a fabricated CVSS score. Whether or not every detail holds up over time, the observable point is that major threat intelligence teams are now treating “AI involvement” as a working hypothesis during live investigations.
At the same time, the web itself is being flooded with machine-made material. 404 Media covered research using Internet Archive snapshots suggesting that by mid-2025, roughly a third of newly published websites were classified as AI-generated or AI-assisted—up from essentially none before late 2022. That’s not a prediction; that’s a measured change in what’s being published.
And it’s not just text. VentureBeat and The Next Web both covered OpenAI’s push on real-time voice—new models like GPT‑Realtime‑2 and related translate and transcription components—paired with claims of much stronger “reasoning,” longer context windows, and pricing that makes high-volume voice applications more accessible. Separately, WIRED reported on research into cybercrime forums showing criminals themselves complaining about “AI slop” flooding their spaces—an indicator that the volume of synthetic content has become a noticeable operational factor even inside attacker communities.
Speed Gap
The mechanism is not that AI magically creates new categories of risk. It is that AI turns security work into repeatable workflows at machine speed. Discovery, code review, exploit development, patch validation, impersonation, and investigation all become faster, cheaper, and easier to run again. That changes the operating environment for defenders and attackers at the same time.
The Hacker News reports OpenAI launching Daybreak, pairing advanced models with tooling like Codex Security for secure code review, threat modeling, dependency risk analysis, and automated patch validation. The important point is not simply “AI for security.” It is that work that used to depend on scarce expert judgment is being converted into a pipeline: inspect the code, identify the dependency risk, model the threat, validate the patch, and repeat. Defenders are trying to compress the time between finding a weakness and proving it has been fixed.
Attackers get the same structural advantage when environments are loosely governed. The Record describes a supply-chain compromise of Daemon Tools installers, where the leverage came from tampering with a distribution path instead of attacking endpoints one by one. TechCrunch, citing SentinelOne research, describes “PCPJack,” where one group targets systems already compromised by another group and spreads like a worm across exposed cloud services. Those are not just separate incidents. They show why speed matters: when software distribution, cloud exposure, identity, and patch state are unevenly controlled, attackers can reuse the system’s own complexity as infrastructure.
That is the causal shift. AI compresses the work of finding, shaping, and validating attacks. Weak operational governance expands the attack surface those workflows can use. So the risk is not just more attacks. It is less time to respond, less confidence in what is real, and more pressure on the provider to prove what was patched, who had access, what path was trusted, and what actually happened.
Prove It
The failure mode is not “AI causes more cyberattacks.” The failure mode is that AI compresses the time between discovery and exploitation, while also making deception cheap enough to scale across normal business workflows. That breaks controls that depend on slow attacker development, human recognition, informal approval, and after-the-fact reconstruction. The exposed party is the client, because the immediate damage is fraudulent payment, unauthorized access, downtime, or disputed liability. But the accountability quickly reaches the MSP when the disputed systems are identity, email, endpoint management, patching, cloud permissions, logging, retention, or incident response. That is why the service implication is not just better detection. It is evidence: proof of patch state, proof of identity activity, proof of approval path, proof of message provenance, and proof that the incident timeline can be reconstructed.
Here’s one proof point from the small-business side. SmallBizTrends highlighted findings from a 2026 workforce password security report covering thousands of businesses: the threats are the same familiar ones—phishing, weak passwords, reused credentials—but the defenses are not there. Only about a quarter of organizations report using a dedicated password manager. And there’s an 82-point gap between belief and readiness on AI-powered security—lots of optimism, almost no operational capability. That gap is where MSPs live, because when the client is getting hit with enterprise-grade credential attacks and the basics still aren’t standardized, the provider is the only place “security” can become repeatable.
Now take the second proof point from the compliance and investigation side. ChannelLife covered Proofpoint launching Prism Investigator, an autonomous investigations platform built to reconstruct events across fragmented communication channels—building timelines and case summaries, with an audit trail of what the investigator did and what the AI reasoned. Whether a client uses Proofpoint or not, the direction is clear: the expectation is moving toward defensible reconstruction. Not just detection. Not just “we think.” A narrative you can stand behind.
Put those together and the MSP consequence tightens to one thing: the client will demand operational certainty in environments that are getting more automated and more ambiguous at the same time. And that lands as a strategic fork.
Either the MSP becomes the provider that simplifies and governs the automation layer—inventory, access boundaries, logging, retention, rollback, and evidence—or the MSP becomes the default absorber of complexity, expected to explain and fix systems nobody scoped, nobody standardized, and nobody priced.
Why Do We Care?
A smart skeptic will say: “This is overblown—SMBs aren’t running exotic AI agents, and we already do security, so this is just more noise.” That’s a fair objection—until the first time an impersonation, a bot-driven access path, or an AI-assisted exploit forces a client to ask for proof, not confidence. It’s not about how advanced the client’s AI is. It’s about whether you can produce evidence when the incident is AI-shaped.
The bad decision is to underprice and underscope security because the client is not using advanced AI, while ignoring that the attack, impersonation, and evidence burden are already being shaped by AI.
What to Consider
- Build a provenance verification workflow into your security stack. As synthetic content floods communication channels, clients will face impersonation scenarios — vendor fraud, executive impersonation, fake invoices — that bypass traditional email security because the content is technically legitimate. The control layer here is identity and out-of-band verification protocols, not content filtering. Standardize a verification playbook and make it part of your security onboarding.
- Treat AI-assisted exploit velocity as a patching SLA problem. If your current patch cycle is 30 days for non-critical vulnerabilities, the compression of exploit development timelines means that window is now operationally dangerous. Tighten validation cycles and build automated patch state confirmation into your reporting — because “we applied the patch” and “we confirmed the patch is effective” are different claims, and only the second one holds up under scrutiny.
- Standardize incident evidence retention. Define which logs, approval records, identity events, endpoint history, and communication records are retained by default, how long they are kept, and how quickly they can be assembled into an incident timeline. If the client expects proof after an AI-shaped event, retention cannot be informal.
If this trend continues, MSP security retainers will stop being priced around tool stacks and start being priced around evidence guarantees — how quickly the provider can validate patch state, reconstruct identity activity, prove message and content provenance, and produce a defensible incident timeline after an AI-shaped event.
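The patching item above separates "we applied the patch" from "we confirmed the patch is effective"; a report can enforce that split by only calling a host confirmed when an independent scan saw the fixed version. This is an added example, not code from the article or from any vendor it mentions; the host names, versions, dates, record fields and the 7-day SLA are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample data: hosts, versions, dates and the SLA are illustrative only.
SLA_DAYS = 7  # assumed tightened window, not a figure from the article

@dataclass
class PatchRecord:
    host: str
    fixed_version: tuple           # first version that contains the fix
    disclosed: date                # when the fix was published
    ticket_closed: Optional[date]  # change ticket closed: "we applied the patch"
    scan: Optional[tuple]          # (scan_date, observed_version) from an independent scan

def classify(rec: PatchRecord, today: date) -> str:
    """Return the strongest claim the evidence supports for one host."""
    if rec.scan is not None:
        scan_date, seen = rec.scan
        if seen >= rec.fixed_version:
            # Only an observed fixed version counts as confirmation.
            late = (scan_date - rec.disclosed).days > SLA_DAYS
            return "confirmed-late" if late else "confirmed"
        if rec.ticket_closed is not None and scan_date >= rec.ticket_closed:
            # Ticket says done, but a later scan still shows the old version.
            return "applied-but-ineffective"
    if rec.ticket_closed is not None:
        # No scan, or the scan predates the change: the claim is unproven.
        return "applied-unverified"
    overdue = (today - rec.disclosed).days > SLA_DAYS
    return "missing-overdue" if overdue else "missing-in-window"

DISCLOSED, TODAY, FIX = date(2026, 3, 2), date(2026, 3, 16), (2, 4, 1)
RECORDS = [
    PatchRecord("web-01", FIX, DISCLOSED, date(2026, 3, 4), (date(2026, 3, 5), (2, 4, 1))),
    PatchRecord("web-02", FIX, DISCLOSED, date(2026, 3, 4), (date(2026, 3, 6), (2, 3, 9))),
    PatchRecord("db-01", FIX, DISCLOSED, date(2026, 3, 5), (date(2026, 3, 1), (2, 3, 9))),
    PatchRecord("app-01", FIX, DISCLOSED, date(2026, 3, 13), (date(2026, 3, 14), (2, 4, 2))),
    PatchRecord("kiosk-7", FIX, DISCLOSED, None, None),
]

def report(records, today):
    """Map each host to its evidence-backed patch state."""
    return {r.host: classify(r, today) for r in records}

if __name__ == "__main__":
    for host, state in report(RECORDS, TODAY).items():
        print(f"{host:8} {state}")
```

In this sample only web-01 supports the second claim within the window; web-02 and db-01 both have closed tickets but differ in whether a later scan contradicts them.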

