The New York Times 2026-05-12-2
Google Says Criminal Hackers Used A.I. to Find a Major Software Flaw
AI compressed vulnerability discovery to near-zero cost; credentialed access remained the second gate. Google's disclosure of the first criminal AI-enabled zero-day is the empirical confirmation that the offense-side binding constraint has shifted from bug-finding to credential acquisition, which re-rates the IAM stack more cleanly than the AI-security pure-plays. Rob Joyce's "fingerprint at the crime scene" line points to a parallel category in forensic AI-authorship detection that remains structurally unfilled.