Based on the Google Cloud / Mandiant Report: Defending Your Enterprise When AI Models Can Find Vulnerabilities Faster Than Ever
A Battlefield Rewritten by AI
Cybersecurity has long been a race against the clock — attackers needed weeks or even months to discover vulnerabilities and build exploits, while defenders used that window to patch systems and reduce their exposure. Historically, uncovering novel vulnerabilities and developing zero-day exploits demanded significant time, specialized expertise, and substantial resources.
That foundational assumption is now collapsing.
Today, highly capable AI models are increasingly demonstrating the ability not only to identify vulnerabilities, but to help generate functional exploits — dramatically lowering the barrier to entry for threat actors. As these capabilities continue to advance, exploit development will become achievable for threat actors of every skill level, compressing attack timelines to an unprecedented degree.
This article uses the Google/Mandiant report as its foundation to systematically map the full landscape of AI use cases in cybersecurity, and builds upon that foundation with extended analysis — exploring what this transformation means for enterprises, security practitioners, and the industry at large.
AI on the Offensive: Use Cases from the Threat Actor's Perspective
Before understanding defense, we must first understand how AI is rewriting the rules of offense.
Automated Vulnerability Discovery
Traditional vulnerability research has relied on manual code auditing, fuzzing, and similar techniques — time-consuming, resource-intensive, and heavily dependent on specialized human expertise. AI models, and large language models (LLMs) in particular, have demonstrated the ability to perform semantic-level analysis of codebases, identifying logic flaws, race conditions, and privilege-bypass paths that human reviewers are likely to miss.
Advanced AI models are increasingly proving capable of identifying vulnerabilities and helping generate attack methods — even when those models were not purpose-built for the task. The barrier to entry is falling rapidly.
Key scenarios:
- Large-scale AI scanning of open-source code repositories to batch-harvest CVEs
- Targeted, bespoke vulnerability analysis against specific software products
- Automated detection of hidden backdoors in supply chain code (from the attacker's vantage point)
Automated Zero-Day Exploit Generation
A significant technical barrier has historically separated vulnerability discovery from the construction of a functional, weaponizable exploit. Continuous advances in AI capability are making exploit development increasingly achievable for threat actors across the full skill spectrum, substantially compressing the attack timeline.
Google's Threat Intelligence Group (GTIG) has already observed threat actors leveraging LLMs for this purpose, and has tracked the marketing of such AI-powered tools and services in underground forums.
The economic implications are profound. A fundamental shift in the economics of zero-day exploitation will enable mass exploitation campaigns, ransomware and extortion operations, and a surge in activity from actors who previously hoarded these capabilities and deployed them sparingly.
Automated Attack Chain Construction
A single low-severity vulnerability poses limited risk in isolation. But AI can systematically identify combinatorial exploitation paths across multiple seemingly unrelated vulnerabilities — constructing what are known as vulnerability chains or attack chains. As AI agents gain the ability to chain low-level vulnerabilities together, the practical impact gap between a remote code execution (RCE) flaw and a seemingly benign local-only vulnerability is rapidly disappearing.
The strategic implication is severe: the enterprise practice of "patch by severity score" is breaking down. A low-severity vulnerability, when AI-chained with others, can become the linchpin of a complete system compromise.
Accelerated Post-Disclosure Weaponization
In its 2025 Zero-Days in Review report, GTIG observed that PRC-nexus espionage operators have become increasingly adept at rapidly developing and distributing exploits across otherwise separate threat groups. This has already significantly shrunk the historical gap between public vulnerability disclosure and widespread exploitation — a trend expected to accelerate.
AI will compress this window further still, reducing what was once measured in weeks to a matter of hours or even minutes.
AI on the Defensive: Enterprise Use Cases
The report's core value lies in providing enterprises with a systematic defensive roadmap. The following sections are organized around the report's 8-step Advanced Modernization Roadmap and 7-step Foundational Roadmap.
AI-Driven Code Security Scanning
AI-powered scanning tools help teams detect critical vulnerabilities faster and surface clusters of weaknesses that appear minor in isolation but can be chained together for exploitation.
Specific use cases:
- Continuous code auditing: One-time static or dynamic scans are no longer sufficient. Organizations should deploy emerging commercial and open-source agentic solutions to continuously review code and remediate flaws before they can be exploited.
- Supply chain risk identification: AI can perform automated analysis of third-party libraries, flagging known vulnerabilities and suspicious behavioral patterns.
- CI/CD pipeline security: Automatically triggering security scans before code merges shifts security left into the development lifecycle.
- Secret and credential leak detection: Organizations should proactively scan codebases for sensitive credentials that could be weaponized by adversaries, and eliminate the practice of storing credentials in plaintext.
AI-Powered Security Operations Centers (Agentic SOC)
This is the most disruptive cluster of use cases in the report. Traditional dashboards and static detection rules will fail under the volume of AI-automated attacks. Security operations must become more dynamic, with a clear trajectory toward the agentic SOC.
By deploying specialized AI agents, teams can automate alert triage, analyze suspicious code without manual reverse engineering, correlate signals across multiple toolsets, and generate response playbooks in real time. This allows analysts to spend less time on repetitive investigation and more time on high-value decisions — enabling the SOC to respond to AI-enabled attacks at AI speed.
The Wiz Three-Color Agent Model — Role Breakdown:
| Agent Type | Role | Core Function |
|---|---|---|
| Red Agent (Adversarial Simulation) | Scans the attack surface from an AI attacker's perspective | Leverages cloud, workload, and code context to discover immediately exploitable risks |
| Green Agent (Root Cause Analysis) | Cloud-to-code root cause identification | Automatically deploys fixes; integrates with CodeMender to enable self-healing codebases |
| Blue Agent (Detection & Response) | Automates attack investigation at AI speed | Rapidly triages suspicious behavior; activates runtime protection tools |
AI-Driven Continuous Asset Discovery and Attack Surface Management
Unidentified assets represent a critical blind spot — one that AI-enabled threat actors are exploiting with increasing efficiency. Static spreadsheets and manual asset tracking are no longer viable or scalable.
Security teams need a continuously updated, automated inventory spanning endpoints, servers, internet-facing systems, network infrastructure, AI systems, cloud environments, and ephemeral assets such as Kubernetes pods. Dynamic asset discovery is essential for eliminating blind spots and detecting Shadow AI.
Extended perspective: The emergence of Shadow AI deserves particular attention as a new category of blind spot. AI tools deployed by employees without authorization, or AI agents connected without IT approval, can themselves become attack entry points — assets that traditional CMDB frameworks are entirely unable to track.
AI-Assisted Vulnerability Prioritization
Faced with an exponential increase in vulnerability volume, manual triage is no longer feasible. AI can automatically calculate remediation priority across multiple dimensions simultaneously:
- Business criticality of the affected asset
- Active exploitation intelligence (whether a PoC or active exploitation exists in the wild)
- Network exposure position (internet-facing vs. internal)
- Vulnerability chain composite risk score
Threat intelligence platforms that fuse Mandiant's codified frontline adversarial behaviors with Google's global threat visibility enable security teams to move beyond static indicators and track the subtle, non-linear behavioral signatures of novel attacks.
Securing AI Agents: The SAIF Framework
As organizations deploy AI agents at scale, those AI systems themselves become a new attack surface. Organizations should adopt Google's Secure AI Framework (SAIF) to guide the secure deployment of AI models and applications. Tools such as Google Cloud Model Armor can serve as a protective layer for LLM environments, screening inputs and outputs for prompt injection attempts, jailbreaks, and sensitive data leakage.
Locking down the connections AI systems are permitted to establish — including MCP integrations — through fine-grained IAM roles is critical to preventing threats arising from insecure plugin use.
Automated Emergency Response and SLA Governance
Organizations should define remediation SLAs based on severity, exposure, and asset criticality, and ensure alignment across security, IT, and business stakeholders.
When a vulnerability is being actively exploited in the wild, teams need pre-approved, low-friction processes to apply temporary mitigations — such as restricting public access or isolating affected systems — while permanent fixes are validated and deployed.
Extended Perspectives: Dimensions the Report Left Underexplored
The "Democratization" Paradox of AI Security Capabilities
The report acknowledges that while the most capable publicly known frontier models are currently accessible only to responsible actors, broader availability is inevitable. For defenders, this signals a significant surge in vulnerability management demands.
This creates a deeper paradox: AI equips defenders with powerful new tools, but it simultaneously places stronger offensive capabilities in the hands of threat actors — at a lower cost and with less friction than ever before. The equilibrium will ultimately be determined by which side can integrate AI into its workflows faster. At present, the offensive side faces considerably lower "innovation friction" — threat actors have no procurement cycles, compliance approvals, or change management processes to navigate.
Rethinking the Concept of "Severity"
The report raises an important but underexplored observation: the traditional concept of vulnerability severity is fundamentally shifting. In a landscape where AI agents can chain multiple low-level vulnerabilities together, the practical impact gap between a remote code execution flaw and a seemingly benign local vulnerability is rapidly collapsing.
This means the CVSS scoring framework that enterprises have relied upon for years requires fundamental reconstruction. Vulnerabilities can no longer be assessed in isolation. Organizations must instead build a vulnerability graph that models the combinatorial explosion of risk that emerges when vulnerabilities are AI-chained together.
The Reshaping of the Security Practitioner's Role
The report argues that the security practitioner's role must evolve from manual investigator to strategic coordinator. The social and organizational implications of this shift are significantly underestimated in the report. A large portion of entry-level security analyst work — alert triage, log analysis, report generation — will be absorbed by AI agents. Meanwhile, professionals capable of architecting AI security systems, understanding model behavioral boundaries, and orchestrating cross-system agent workflows will be in extreme short supply. This is a structural talent challenge that the industry has not yet adequately confronted.
New Dimensions of AI Supply Chain Security
The report addresses traditional software supply chain security, but the AI era introduces entirely new categories of supply chain risk:
- Model Poisoning: Attackers contaminate training data, causing defensive AI tools to produce systematic misclassifications or blind spots.
- Prompt Injection Attacks: Crafted malicious inputs manipulate the decisions made by security AI agents.
- MCP Connector Abuse: Every external connection established by an AI agent via the MCP protocol represents a potential side-channel attack path.
The Compounding Pressure of Regulatory Compliance
The report does not address the regulatory dimension. As AI accelerates the pace of vulnerability exploitation, regulators — including the SEC, GDPR enforcement authorities, and EU NIS2 supervisors — will raise the bar for what constitutes "reasonable security measures." Enterprises face not only a technical challenge, but a legal one: the question of whether failure to adopt AI-driven defenses constitutes regulatory negligence is one that courts and regulators will increasingly be asked to answer.
Comprehensive Use Case Matrix
| Dimension | AI Use Case | Current Maturity | Key Risk |
|---|---|---|---|
| Vulnerability Discovery (Offensive) | Automated zero-day vulnerability mining | High | Barrier to entry continues to fall |
| Exploit Generation (Offensive) | Automated exploit construction | Medium-High | Industrialization of ransomware |
| Attack Chain Construction (Offensive) | Chaining low-severity flaws into critical attacks | Medium | Traditional severity assessment rendered obsolete |
| Code Security Scanning (Defensive) | CI/CD integration, continuous code auditing | High | False positive rate management |
| SOC Automation (Defensive) | Alert triage, automated response playbook generation | Medium-High | Over-reliance on AI decision-making |
| Asset Discovery (Defensive) | Dynamic inventory, Shadow AI identification | Medium | Completeness of data coverage |
| Vulnerability Prioritization (Defensive) | Multi-dimensional intelligent remediation scheduling | Medium | Quality of contextual data inputs |
| AI System Self-Protection | SAIF, Model Armor, fine-grained IAM controls | Early Stage | Framework maturity and adoption gaps |
| Emergency Response (Defensive) | Automated isolation, temporary compensating controls | Medium | Risk of automated remediation errors |
HaxiTAG Research Notes: Points Warranting Close Scrutiny
The "access restricted to responsible actors" assumption is overly optimistic. The report asserts that the most capable frontier models are currently accessible only to responsible parties, but open-source models such as the Llama and DeepSeek families already possess considerable capabilities — with no access controls whatsoever. The report's treatment of this "open-source channel" is notably insufficient, and may materially underestimate the current threat reality, as opposed to some future one.
The audience boundary between the 8-step and 7-step roadmaps is ambiguous. The report assumes organizations can cleanly self-classify as either "mature" or "foundational." In practice, most enterprises exist in a hybrid state — mature in some domains, with critical gaps in others. The report provides no guidance on how to use the two roadmaps in parallel.
The evidentiary basis for the effectiveness of defensive AI tools is insufficient. The report heavily promotes Google's own product portfolio — Google SecOps, Model Armor, Google Threat Intelligence — creating a methodological conflict of interest, and cites no independent third-party benchmarks or evaluations. Readers should apply independent judgment to all product efficacy claims.
The core value of Google's report lies in providing a clear cognitive framework: the AI arms race between attackers and defenders has already begun, and the offensive side currently operates with lower friction. For enterprises, a wait-and-see posture is not a viable strategy. Defending against AI-enabled attacks at AI speed is not a challenge that belongs to the future — it is a survival imperative of the present.