AI Zero-Days and OT Vulnerabilities: ESET’s May 2026 Security Briefing
Tony Anscombe’s latest roundup highlights critical failures in Polish water plants, Google’s discovery of the first AI-generated zero-day, and $388 million in…

Tony Anscombe, Chief Security Evangelist at ESET, released his monthly cybersecurity summary on May 29, 2026. The briefing synthesizes four distinct threads: OT intrusions in Poland, an AI-directed attack in Mexico, a suspected AI-generated zero-day exploit, and hundreds of millions of dollars lost to cryptocurrency-kiosk scams.
For organizations running industrial systems, the common thread is that fundamental hygiene remains the primary defense. The briefing suggests that automated tooling is lowering the barrier to developing exploits, while the Mexican case shows that reaching physical OT from a compromised IT network is still not guaranteed.
- Poland’s ABW agency documented cyber intrusions into the Industrial Control Systems (ICS) of five water treatment plants between 2024 and 2025; the primary vectors were weak passwords and systems exposed directly to the internet.
- An unidentified group launched one of the first recorded "AI-directed" attacks in Mexico, though the attempt to bridge from IT to OT systems failed.
- Google identified what it believes is the first zero-day exploit developed using AI; technical details and CVE identifiers have not been disclosed.
- Americans lost more than $388 million in 2025 to scams involving cryptocurrency kiosks, according to FBI data cited by Anscombe.
Polish Water Plants and the Return to Basics
The alert originated from Poland’s internal security agency, the ABW, regarding cyber intrusions into the ICS of five water treatment facilities during the 2024-2025 period. Anscombe states: "The two main attack vectors – weak passwords and systems exposed directly to the internet – were the same as those used in attacks against the Polish energy sector that leveraged DynoWiper described by ESET researchers here."
The connection lies in the vectors, not the campaigns. ESET's DynoWiper research documents an attack on a Polish energy company in December 2025 in which three variants (schtask.exe, schtask2.exe, and a third whose name is redacted) were executed and blocked by ESET PROTECT. Attribution to Sandworm is held with "medium confidence." That research does not extend the attribution to the water plants, nor does it document DynoWiper outside the energy sector.
Five critical-infrastructure sites were compromised over two years through vectors that a basic audit, an external exposure scan plus a credential review, would have caught. The gap is in implemented controls, not in attacker sophistication.
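The two vectors the ABW names, weak passwords and ICS services reachable from the internet, are exactly what a routine exposure-and-credential audit checks for. The following is an added example written for this article, not code from ESET, the ABW, or any affected plant: it runs a minimal audit over a constructed inventory in which every hostname, port list, account and password is invented, and the restricted-port list and 12-character minimum are assumed site-policy values rather than anything the briefing states.

```python
"""
Added example (not from the ESET briefing or the ABW alert): a minimal
OT exposure-and-credential audit over a constructed asset inventory.
Hostnames, ports, accounts and passwords are invented sample data.
"""
from dataclasses import dataclass

# ICS/OT protocol and remote-management ports that the (assumed) site policy
# says must never answer on an internet-facing interface.
RESTRICTED_PORTS = {
    102: "S7comm",
    502: "Modbus/TCP",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
    23: "Telnet",
    3389: "RDP",
    5900: "VNC",
}

# Small vendor-default credential list, constructed for the example.
DEFAULT_CREDENTIALS = {
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", "1234"),
    ("root", "root"),
    ("operator", "operator"),
}

MIN_PASSWORD_LENGTH = 12  # assumed policy value


@dataclass(frozen=True)
class Asset:
    name: str
    external_ports: tuple[int, ...]  # ports seen open by a scan from the internet
    username: str
    password: str


@dataclass(frozen=True)
class Finding:
    asset: str
    category: str  # "exposed" or "weak-credential"
    detail: str


def weak_password_reasons(username: str, password: str) -> list[str]:
    """Return why a credential is weak (an empty list means it passes)."""
    reasons = []
    if (username.lower(), password) in DEFAULT_CREDENTIALS:
        reasons.append("vendor default pair")
    if len(password) < MIN_PASSWORD_LENGTH:
        reasons.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    if password.lower() == username.lower():
        reasons.append("equals the username")
    return reasons


def audit(inventory: list[Asset]) -> list[Finding]:
    """Flag internet-reachable ICS/management listeners and weak credentials."""
    findings: list[Finding] = []
    for asset in inventory:
        for port in asset.external_ports:
            if port in RESTRICTED_PORTS:
                findings.append(Finding(
                    asset.name, "exposed",
                    f"{RESTRICTED_PORTS[port]} (tcp/{port}) answers from the internet; "
                    "move it behind a firewall/VPN or a monitored jump host",
                ))
        reasons = weak_password_reasons(asset.username, asset.password)
        if reasons:
            findings.append(Finding(
                asset.name, "weak-credential",
                f"account '{asset.username}': " + "; ".join(reasons),
            ))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per category, e.g. {'exposed': 3, 'weak-credential': 1}."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


# Constructed inventory: three assets mimicking a small water-treatment site.
SAMPLE_INVENTORY = [
    Asset("plc-intake-1", (502, 80), "admin", "admin"),
    Asset("hmi-dosing", (), "operator", "Xk9#mVp2!qRw7Lt"),
    Asset("rtu-reservoir", (20000, 23), "root", "Correct-Horse-Battery"),
]


if __name__ == "__main__":
    results = audit(SAMPLE_INVENTORY)
    for f in results:
        print(f"[{f.category}] {f.asset}: {f.detail}")
    print(summarize(results))
```

In practice the `external_ports` field would be populated from an authorised scan run from outside the perimeter, and the credential check would run against the PLC/HMI account store rather than plaintext passwords in a list; the point is that both checks are cheap and would have surfaced the two vectors the ABW describes.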
Mexico: When AI Leads but Fails to Cross
The second thread involves an attack on the Mexican government, which Anscombe describes as "one of the world's first truly AI-directed attacks." The attack resulted in the exfiltration of government data. However, a subsequent attack on a local water plant failed to bridge the gap from IT to OT systems.
No details were provided regarding the "AI-directed" mechanism—whether it involved LLMs, autonomous agents, or other tools—nor were specific TTPs mentioned. The identity of the group remains unknown. The source documents that while AI was used in the IT collection and exfiltration phase, the transition to physical OT was not successful.
The AI-Generated Zero-Day According to Google
The third claim is Google's identification of what it believes is the first zero-day exploit developed using AI. The hedge "what it believes" is the source's own, and the claim has not yet been verified by the wider community.
The briefing gives no CVE, vulnerable product, attack vector, CVSS score, or disclosure timeline, so there is a gap between the claim and any public documentation. What the claim does signal is that Google treats AI-generated zero-day exploits as something that has now happened, not a future risk.
The brief does not clarify if "AI-directed attacks" and "AI-generated zero-days" represent the same technology applied to different phases or two separate ecosystems.
$388 Million in Digital Cash
The fourth data point moves from OT to consumer fraud. According to the FBI, as cited by Anscombe, "Americans lost more than $388 million last year to scams using cryptocurrency kiosks." Since the briefing is dated May 2026, "last year" means 2025.
Crypto kiosks, ATMs that convert cash into cryptocurrency, are attractive to scammers because the final transfer is irreversible and the recipient is pseudonymous. The briefing's point is that these scams need no exploit at all: an accessible, widely deployed cash-to-crypto conversion chain is enough.
Why It Matters
The briefing does not document specific corrective measures or structured operational recommendations for the four threads. Regarding the Polish incidents, the source does not specify if the ABW released a public report. For the AI-generated zero-day, identifiers and vulnerable products are missing. In the Mexican case, the "AI-directed" methodology lacks technical detail, and the brief does not specify the factors that prevented the transition from IT to OT systems. Furthermore, no attribution lines are drawn between the Polish water attacks and the DynoWiper energy sector attacks beyond the shared vectors.
For corporate readers with OT responsibilities, the signal is that the IT-OT boundary remains a primary target. Basic hygiene, starting with credential policy and removing direct internet exposure, remains the first line of defense for critical infrastructure.
Frequently Asked Questions
What is DynoWiper and where was it documented?
DynoWiper is destructive malware attributed to Sandworm with medium confidence by ESET Research. Detailed technical documentation refers to an attack against a Polish energy company in December 2025, with three variants executed on December 29, 2025, and blocked by ESET PROTECT.
Is the AI-generated zero-day independently confirmed by Google?
No. The briefing reports only Google's own position ("what it believes"). No external verification, assigned CVE, or third-party advisory appears in the brief.
Did the Polish water sector attacks use DynoWiper?
The brief does not document this. Anscombe links the vectors (weak passwords, exposed systems) between the two sectors, not the malware itself. DynoWiper is only confirmed in the energy sector within the ESET Research source.
Information is based on the cited source and is current as of the time of publication.
Sources
- https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-may-2026/
- https://www.welivesecurity.com/en/our-experts/tony-anscombe/
- https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/
- https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-april-2026/
- https://www.welivesecurity.com/en/