AI-Directed Attacks and ICS Vulnerabilities: ESET’s Tony Anscombe on DynoWiper and the First AI Zero-Day



On May 29, 2026, Tony Anscombe, Chief Security Evangelist at ESET, released the May edition of his monthly column, This Month in Security. The analysis published on WeLiveSecurity highlights a widening gap between offensive sophistication and defensive fragility. It is not a narrative of technology triumphing in isolation, but rather one of advanced attacks failing against basic hurdles—and basic defenses remaining the most critical factor in resilience.

Key Takeaways
  • Poland’s Internal Security Agency (ABW) documented cyber intrusions at five water treatment plants between 2024 and 2025, driven by weak passwords and systems exposed directly to the internet.
  • These same vectors were utilized in the December 2025 DynoWiper attack against the Polish energy sector, which ESET researchers attribute to Sandworm with medium confidence.
  • An unidentified group launched what is described as "one of the world's first truly AI-directed attacks" in Mexico, exfiltrating government data but failing to bridge the gap from IT to OT systems at a water facility.
  • Google identified what it believes is the first zero-day exploit developed using artificial intelligence; meanwhile, the FBI reports that Americans lost over $388 million in 2025 to cryptocurrency kiosk scams.

Weak Passwords and Exposed Systems: The Polish Case

Anscombe’s review cites an ABW alert regarding five Polish water treatment plants hit by industrial control system (ICS) intrusions during 2024-2025. The attack vectors are explicit: weak passwords and systems left open to the public internet.

The source links these vectors to a separately documented event: the deployment of DynoWiper against the Polish energy sector on December 29, 2025. Analyzed by ESET Research, DynoWiper is a destructive malware designed to overwrite data and render it unrecoverable, rather than encrypting it for ransom. ESET PROTECT blocked the execution, mitigating the impact. Attribution to Sandworm—the group linked to Russian military unit 74455—is classified with medium confidence, a level of uncertainty explicitly noted in the dossier.

A technical distinction remains: the DynoWiper documentation focuses on the energy sector, not water utilities. While Anscombe notes that water plants were targeted using "the same attack vectors," the dossier does not confirm that DynoWiper itself was deployed against those specific water treatment facilities.
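The two vectors the ABW alert names, weak passwords and ICS systems exposed directly to the internet, are the kind of thing a utility can audit from its own asset inventory. The following script is an added example written for this page; it is not ESET's or ABW's code, and the inventory rows, port tables and password denylist are constructed for illustration. It flags ICS and remote-management services reachable from the internet, flags default, short or unrecorded credentials, and rates an asset "critical" when both conditions coincide, which is the combination the Polish plants exhibited.

```python
"""Exposure and credential audit over an ICS asset inventory (added example)."""
from __future__ import annotations
from dataclasses import dataclass

# Constructed port tables; extend them for the protocols in your own estate.
ICS_PORTS = {102: "S7comm", 502: "Modbus/TCP", 4840: "OPC UA",
             20000: "DNP3", 44818: "EtherNet/IP"}
REMOTE_ADMIN_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP",
                      443: "HTTPS", 3389: "RDP", 5900: "VNC"}

# Constructed denylist of trivial credentials; a real audit uses a far larger one.
WEAK_PASSWORDS = {"admin", "password", "1234", "12345678", "operator", "plc"}
MIN_PASSWORD_LENGTH = 12


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str               # "internet" = reachable from the public internet, "it", "ot"
    ports: tuple[int, ...]  # listening TCP ports from the inventory export
    password: str | None    # configured admin/HMI password; None = not recorded


@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str              # "internet-exposed" or "weak-password"
    detail: str


def password_is_weak(password: str | None) -> bool:
    """Default, short or unrecorded credentials all count as weak."""
    if password is None:
        return True  # an unrecorded credential is a finding, not a pass
    return password.lower() in WEAK_PASSWORDS or len(password) < MIN_PASSWORD_LENGTH


def audit(assets) -> list[Finding]:
    """One finding per exposed service plus one per weak credential."""
    findings = []
    for a in assets:
        if a.zone == "internet":
            for port in a.ports:
                service = ICS_PORTS.get(port) or REMOTE_ADMIN_PORTS.get(port)
                if service:
                    findings.append(Finding(a.name, "internet-exposed", f"{service}/{port}"))
        if password_is_weak(a.password):
            findings.append(Finding(a.name, "weak-password",
                                    "default, short or unrecorded credential"))
    return findings


def severity_by_asset(findings) -> dict[str, str]:
    """Exposure and a weak credential together are rated critical."""
    issues: dict[str, set[str]] = {}
    for f in findings:
        issues.setdefault(f.asset, set()).add(f.issue)
    levels = {}
    for asset, kinds in issues.items():
        if kinds == {"internet-exposed", "weak-password"}:
            levels[asset] = "critical"
        elif "internet-exposed" in kinds:
            levels[asset] = "high"
        else:
            levels[asset] = "medium"
    return levels


# Constructed inventory: names, zones and passwords are illustrative only.
INVENTORY = (
    Asset("plant-A-hmi", "internet", (3389, 502), "admin"),
    Asset("plant-B-plc", "ot", (502,), "Xq7!v2Lm9#pT4w"),
    Asset("plant-C-gateway", "internet", (443,), "Rg5$kH2nP8qz1L"),
    Asset("plant-D-eng-ws", "it", (22,), "1234"),
)

if __name__ == "__main__":
    results = audit(INVENTORY)
    for f in results:
        print(f"{f.asset:16} {f.issue:17} {f.detail}")
    print(severity_by_asset(results))
```

The zone field stands in for whatever the inventory actually records about reachability (a perimeter NAT rule, a scan result); the point is that exposure and credential quality are checked together, because either alone produces a lower rating than the pair.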

AI Attacks and Fails: The Mexican Scenario

The second scenario analyzed by Anscombe involves Mexico, where an unknown group exfiltrated a "trove of data" from the government. The operation is described as "one of the world's first truly AI-directed attacks." This terminology reflects the source's labeling; the dossier does not specify the technical parameters that distinguish this as "truly AI-directed" compared to other automated operations.

The critical technical takeaway is the subsequent failure. Following the government data theft, the attackers targeted a water plant but "failed to bridge the gap from IT to OT systems." The target was the facility's operational technology, but the attack stalled at the IT/OT boundary. Network segmentation, present as a barrier or absent as a vulnerability, emerges as the determining variable in the outcome.

The dossier does not identify the threat actor, detail the AI methodology, or specify whether the IT-OT failure resulted from active countermeasures or attacker error. These limits are recorded as substantial uncertainties within the brief.
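Whether an attacker can cross from IT to OT comes down to what the boundary policy permits, and that is something a defender can test offline against the rule set. The script below is an added example for this page, not code from ESET or from the Mexican incident, and its rule sets and approved-flow list are constructed. It evaluates a first-match firewall policy for a given flow and lists the policy faults that would let IT traffic reach OT directly: a non-deny default, wildcard allows into the OT zone, direct IT-to-OT allows that bypass the DMZ, and allows into OT that are not on the approved list.

```python
"""IT/OT boundary policy check over a constructed firewall rule set (added example)."""
from __future__ import annotations
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str        # "allow" or "deny"
    src: str           # zone: "it", "dmz", "ot" or the wildcard "any"
    dst: str
    port: int | str    # destination TCP port or the wildcard "any"


def _matches(rule: Rule, src: str, dst: str, port: int) -> bool:
    return (rule.src in (src, "any") and rule.dst in (dst, "any")
            and rule.port in (port, "any"))


def flow_allowed(rules, src: str, dst: str, port: int, default: str = "deny") -> bool:
    """First-match evaluation; `default` is the implicit final rule."""
    for r in rules:
        if _matches(r, src, dst, port):
            return r.action == "allow"
    return default == "allow"


# Flows the OT architecture deliberately permits across the boundary (constructed):
# a DMZ jump host into OT over SSH, and historian replication from OT to the DMZ.
APPROVED = {("dmz", "ot", 22), ("ot", "dmz", 5432)}


def boundary_violations(rules, default: str = "deny") -> list[str]:
    """Rules that would let traffic into the OT zone other than via approved flows."""
    issues = []
    if default != "deny":
        issues.append("implicit default action is not deny")
    for r in rules:
        if r.action != "allow" or r.dst not in ("ot", "any") or r.src == "ot":
            continue  # denies, rules not reaching OT, and intra-OT rules are fine here
        if "any" in (r.src, r.dst, r.port):
            issues.append(f"wildcard allow reaches OT: {r}")
        elif r.src == "it":
            issues.append(f"direct IT->OT allow, bypasses the DMZ: {r}")
        elif (r.src, r.dst, r.port) not in APPROVED:
            issues.append(f"unapproved flow into OT: {r}")
    return issues


# Constructed policies. The weak one has an RDP hole straight into OT and a
# catch-all allow; the hardened one permits only the approved flows and
# explicitly denies everything else bound for OT.
WEAK_POLICY = [
    Rule("allow", "it", "ot", 3389),
    Rule("allow", "any", "any", "any"),
]
HARDENED_POLICY = [
    Rule("allow", "dmz", "ot", 22),
    Rule("allow", "ot", "dmz", 5432),
    Rule("deny", "any", "ot", "any"),
]

if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, "IT->OT Modbus allowed:", flow_allowed(policy, "it", "ot", 502))
        for issue in boundary_violations(policy):
            print("  ", issue)
```

Running the same flow query against both policies shows the difference the column describes: with the weak policy an IT host reaches a PLC on Modbus, with the hardened one the request dies at the explicit deny. The violation list is the part worth wiring into change review, so that a new allow rule into OT fails the check before it is deployed.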

The First AI-Generated Zero-Day: Google’s Claim

The third theme is potentially the most significant for the industry. According to Anscombe, Google has identified "what it believes is the first zero-day exploit developed using AI." This phrasing preserves Google’s specific claim rather than an independent verification; the qualifier "what it believes" is integral to the source text.

The dossier lacks a CVE, affected product details, attack vectors, or a discovery date. Anscombe presents this as a threshold to monitor rather than a technically detailed event. For the industry, the significance lies in Google’s declaration as a directional indicator: if a generative model has produced zero-day exploit code, the vulnerability creation chain has entered a new phase, regardless of the quality or impact of this initial case.

"Americans lost more than $388 million last year to scams using cryptocurrency kiosks, according to the FBI"

Crypto ATMs and the $388 Million FBI Figure

The final topic in the review shifts focus to enabling technology and human vulnerability. According to the FBI, Americans lost more than $388 million in 2025 to scams involving cryptocurrency kiosks—physical machines used for purchasing and converting digital currency.

The dossier does not specify the FBI’s methodology for this estimate, the sample size, or the classification criteria for these scams. The figure is presented as an official data point. This scale positions crypto ATM fraud as a significant national phenomenon rather than a marginal threat.

Why It Matters

The source does not provide specific corrective measures or explicit operational recommendations. No mitigation checklists, patching schedules, or specific MFA/monitoring mandates are provided; the brief focuses strictly on the analysis of reported facts.

Furthermore, the source does not detail the nature of the data exfiltrated in Mexico, the type of zero-day generated by AI, or the existence of a public ABW report containing full technical details on the Polish water sector attacks. As a full video transcript is unavailable, this analysis relies on the textual summary provided by the source.

The boundary between documented facts and assertions lacking technical detail is clearly defined. The May 2026 edition of Anscombe’s column, published May 29, follows the established WeLiveSecurity format: a monthly cross-sectional analysis of three primary stories. The primary source for this report is the textual summary accompanying the video feature.
