Every year, SANS researchers go to the RSAC Conference to talk about the five most common ways to attack This article explores zero day exploits. . But 2026 is a big change: all of them are powered by AI.
In the past, only well-funded nation-state actors could use zero-day exploits. But AI has broken down that barrier to getting into the zero-day game, according to Joshua Wright, senior technical director of the SANS Institute. He says that the Shai-Hulud worm has infected more than a thousand open source packages and revealed 14,000 passwords across 487 organizations. Wright says that a software supply chain attack affected two out of three organizations in the past year.
He also says that there has been an increase in third-party involvement in breaches and the number of malicious packages published to open source registries.
"Your attack surface isn't the software you picked. Wright says, "It's the whole ecosystem of suppliers that makes it work." Researchers in security say that AI-driven attacks are 47 times faster than attacks that use people.
Rob Lee: The people looking into it still don't know if the damage was caused by an attack or was just an accident. Lee said, "Governments won't be happy not knowing what happened to their critical infrastructure and why someone died." He says that the money spent on making OT systems more visible can't wait until the next disaster makes it necessary. Barnhart said that the attack surface has grown far beyond the network and that trained people need to be able to make decisions at every step of the way.
"Tools don't usually cause breaches to fail. "They fail at decision points. AI can't be the decision point," Barnhart said.
Defenders will have a real advantage over attackers if they can move quickly and work together with other defenders around the world.
