AI at the Wheel: When Hacking Stops Needing a Human" published: false description: "Five threats from late May 2026 mark an inflection point.

— AI is crossing from a hacking tool to an autonomous operator that decides and acts on its own. A field analysis.

full document

For two years, "AI in offensive security" mostly meant one thing: a faster human. Attackers used large language models to write phishing emails, draft malware, translate lures, or summarize stolen data. The model was a power tool. A human still held it.

A cluster of incidents disclosed in late May 2026 quietly broke that assumption. In at least one case, the human let go of the wheel — and the attack kept driving.

I publish an independent, OSINT-based CTI archive (TLP:GREEN), and over the past week I released five reports in four languages that, read together, sketch the same arc: AI is moving from a tool you point at a target to an operator that picks the target's locks by itself. Here is the field view.