Cyber May: AI Attacks Emerge, but Basic Vectors Remain the Primary Threat

In ESET’s May roundup, Tony Anscombe documents critical infrastructure breaches in Poland, Mexico’s first 'AI-directed' attack, and Google’s discovery of an AI…


On May 29, 2026, ESET Chief Security Evangelist Tony Anscombe presented the monthly cyber risk roundup, describing a landscape in which attacks of very different maturity coexist. The report covers intrusions into Polish water infrastructure through the same elementary vectors used in the DynoWiper attacks on the energy sector, an AI-directed attack in Mexico that failed at the IT-to-OT transition, and Google's identification of what it believes is the first AI-generated zero-day exploit. The central theme of the roundup is clear: offensive sophistication is advancing, but the most dangerous breaking points are still in the security foundations.

The report, published on WeLiveSecurity, provides an editorial summary with technical claims granular enough for verification. The analysis centers on three primary cases and one quantitative figure regarding the economic impact of scams in the United States.

Key Takeaways
  • Poland’s Internal Security Agency (ABW) confirmed cyber intrusions into the Industrial Control Systems (ICS) of five water treatment plants between 2024 and 2025, using initial access vectors identical to those seen in the DynoWiper attacks on the energy sector.
  • An unidentified group launched one of the world’s first truly "AI-directed" attacks against the Mexican government; the actors successfully exfiltrated data but failed to bridge the gap to the operational technology (OT) systems of a water utility.
  • Google identified what it believes is the first zero-day exploit developed using artificial intelligence, though the dossier does not specify the vulnerable product or technical details of the flaw.
  • Americans lost more than $388 million in 2025 to scams involving cryptocurrency kiosks (crypto ATMs), according to FBI data cited by Anscombe.

Poland: Five Water Plants Hit via Energy-Sector Wiper Vectors

The first documented case is the ABW's official confirmation of intrusions into the industrial control systems of five Polish water treatment plants over 2024 and 2025. The two attack vectors named, weak passwords and internet-exposed systems, are persistent problems in OT environments. The roundup draws a precise overlap: Anscombe notes that the same vectors were used in the attacks on the Polish energy sector that deployed DynoWiper.
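The two vectors named above are the kind a plant operator can audit for before an attacker does. The following is an added example, not code from ESET or the roundup: an offline check that flags ICS services listening on non-private addresses in nmap greppable output and passwords that are denylisted, short, or equal to the username. The scan lines, the credential inventory, the port table and the deny-list are all constructed for illustration; a real audit would use the organisation's own inventory and a far larger password list.

```python
"""Added example, not from the ESET/WeLiveSecurity roundup: an offline audit for the
two initial-access vectors the report names for the Polish water plants, ICS services
reachable from the internet and weak credentials. All scan output and credentials
below are constructed for illustration."""
import ipaddress
import re

# Common ICS/OT service ports (IANA and vendor defaults). Assumption for this
# example: any of these listening on a non-internal address is a finding.
ICS_PORTS = {
    102: "Siemens S7comm (ISO-TSAP)",
    502: "Modbus/TCP",
    2404: "IEC 60870-5-104",
    4840: "OPC UA",
    20000: "DNP3",
    44818: "EtherNet/IP",
    47808: "BACnet/IP",
}

# Address ranges treated as "not internet-facing". The documentation ranges used
# in the sample (203.0.113.0/24, 198.51.100.0/24) are deliberately NOT excluded so
# they can stand in for public addresses here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

# Constructed nmap greppable (-oG) lines; not real scan output.
NMAP_GREPPABLE = """\
Host: 203.0.113.17 ()  Ports: 22/open/tcp//ssh///, 502/open/tcp//modbus///  Ignored State: closed (998)
Host: 192.168.10.5 ()  Ports: 102/open/tcp//iso-tsap///, 502/open/tcp//modbus///
Host: 198.51.100.9 ()  Ports: 80/open/tcp//http///, 47808/open/udp//bacnet///
Host: 203.0.113.44 ()  Ports: 443/open/tcp//https///
"""

PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)")


def is_internal(ip_str: str) -> bool:
    """True if the address falls inside one of the INTERNAL_NETS ranges."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in net for net in INTERNAL_NETS)


def exposed_ics_services(greppable: str) -> list[dict]:
    """Return ICS services listening on addresses outside INTERNAL_NETS."""
    findings = []
    for line in greppable.splitlines():
        if not line.startswith("Host:"):
            continue
        ip_str = line.split()[1]
        if is_internal(ip_str):
            continue
        for port, proto in PORT_RE.findall(line):
            port = int(port)
            if port in ICS_PORTS:
                findings.append({"ip": ip_str, "port": port, "proto": proto,
                                 "service": ICS_PORTS[port]})
    return findings


# Constructed credential inventory (host, username, password) as a configuration
# review might produce; none of these are real.
CREDENTIALS = [
    ("192.168.10.5", "admin", "admin"),
    ("192.168.10.6", "operator", "Sp9!vQ2#mL7xR"),
    ("203.0.113.17", "service", "1234"),
]

# Small deny-list of common defaults; a real audit would use a much larger list.
WEAK_DENYLIST = {"", "admin", "password", "1234", "12345678", "operator", "plc"}
MIN_LENGTH = 12


def weak_credentials(creds) -> list[dict]:
    """Flag passwords that are denylisted, too short, or equal to the username."""
    findings = []
    for host, user, password in creds:
        reasons = []
        if password.lower() in WEAK_DENYLIST:
            reasons.append("denylisted")
        if len(password) < MIN_LENGTH:
            reasons.append(f"shorter than {MIN_LENGTH}")
        if password.lower() == user.lower():
            reasons.append("equals username")
        if reasons:
            findings.append({"host": host, "user": user, "reasons": reasons})
    return findings


def audit() -> dict:
    """Run both checks over the constructed data and return the findings."""
    return {"exposed": exposed_ics_services(NMAP_GREPPABLE),
            "weak": weak_credentials(CREDENTIALS)}


if __name__ == "__main__":
    report = audit()
    for f in report["exposed"]:
        print(f"EXPOSED  {f['ip']}:{f['port']}/{f['proto']}  {f['service']}")
    for f in report["weak"]:
        print(f"WEAK     {f['host']} user={f['user']}  {', '.join(f['reasons'])}")
```

On the constructed data the exposure check reports two services (Modbus on 203.0.113.17 and BACnet on 198.51.100.9) and ignores the PLC on the 192.168.10.0/24 range, while the credential check flags the admin/admin pair and the four-digit service password. The ICS port list and the internal-range list are the two places a practitioner would extend this for a real estate.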

ESET previously conducted a technical analysis of DynoWiper in a separate report. The malware was detected on December 29, 2025, at a Polish energy firm, where ESET PROTECT blocked its execution and mitigated the impact. The wiper overwrites files using a 16-byte buffer of random data and operates in three destructive phases. ESET attributes DynoWiper to the Sandworm group with medium confidence, noting that its TTPs resemble the ZOV wiper observed in Ukraine. The roundup does not confirm whether DynoWiper was used at the water treatment plants; the primary source states that the vectors were "identical" but says nothing about the payload.

Mexico: The AI-Directed Attack That Failed the IT-OT Bridge

The second case involves what the dossier describes as "one of the first truly AI-directed attacks in the world." An unidentified group exfiltrated significant volumes of data from the Mexican government. However, a subsequent attempt to target a water utility failed during the transition from information technology (IT) systems to operational technology (OT) systems.

The dossier does not specify the exact timeframe of the incident or the technical mechanics of the AI-directed component. What is clear is the attack's structure: a successful exfiltration phase against a government target followed by a failed physical impact phase due to the inability to bridge the IT-OT gap. The brief suggests that while intelligent automation can accelerate reconnaissance and initial access, the architectural separation between IT and OT remains a point of friction even for actors experimenting with algorithmic direction.

The pattern is the one a defender should take from the case: offensive AI can streamline the early stages of an operation, but moving from enterprise IT into control systems remains a significant hurdle. Because the brief does not say what stopped the actor at that boundary, the case supports the value of IT/OT separation without showing which specific control did the work.
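Whether the IT/OT boundary holds is a property of the rule set that sits on it, and that can be checked mechanically. The following is an added example, not code from the roundup or from any organisation it describes: a policy-as-code check over a constructed zone-based firewall rule set, plus a first-match evaluator that shows how a single mis-scoped rule lets an IT-origin flow reach an OT service. The zone names, the rules and the policy being enforced (no direct IT-to-OT allows, no any-port allows between zones, a terminal default deny) are assumptions for illustration.

```python
"""Added example, not from the ESET roundup: a segmentation-policy check for the
IT/OT boundary. Zones, rules and the policy itself are constructed assumptions."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: str   # "IT", "DMZ", "OT" or "any"
    dst_zone: str
    dst_port: str   # port number as a string, or "any"
    action: str     # "allow" or "deny"


# Constructed rule set, evaluated top to bottom like most firewall policies.
RULES = [
    Rule("it-to-dmz-jumphost", "IT", "DMZ", "3389", "allow"),
    Rule("dmz-to-ot-engineering", "DMZ", "OT", "102", "allow"),
    Rule("it-to-ot-historian", "IT", "OT", "502", "allow"),   # bypasses the DMZ
    Rule("ot-to-it-any", "OT", "IT", "any", "allow"),          # overly broad
    Rule("default-deny", "any", "any", "any", "deny"),
]


def segmentation_violations(rules: list[Rule]) -> list[tuple[str, str]]:
    """Return (rule name, reason) pairs for rules that break the assumed policy."""
    violations = []
    for r in rules:
        if r.action != "allow":
            continue
        if r.src_zone == "IT" and r.dst_zone == "OT":
            violations.append((r.name, "direct IT->OT allow; OT access must go via the DMZ"))
        if r.src_zone != r.dst_zone and r.dst_port == "any":
            violations.append((r.name, "any-port allow between zones"))
        if r.src_zone == "any" or r.dst_zone == "any":
            violations.append((r.name, "allow rule with an unrestricted zone"))
    last = rules[-1] if rules else None
    if not (last and last.action == "deny"
            and last.src_zone == "any" and last.dst_zone == "any"):
        violations.append(("<end of policy>", "no terminal default-deny rule"))
    return violations


def flow_allowed(rules: list[Rule], src_zone: str, dst_zone: str, dst_port: str) -> bool:
    """First-match evaluation of one flow; nothing matching means implicit deny."""
    for r in rules:
        if (r.src_zone in (src_zone, "any")
                and r.dst_zone in (dst_zone, "any")
                and r.dst_port in (dst_port, "any")):
            return r.action == "allow"
    return False


if __name__ == "__main__":
    for name, reason in segmentation_violations(RULES):
        print(f"VIOLATION  {name}: {reason}")
    # Show the practical effect of the mis-scoped historian rule.
    print("IT -> OT Modbus allowed:", flow_allowed(RULES, "IT", "OT", "502"))
    fixed = [r for r in RULES if r.name != "it-to-ot-historian"]
    print("...after removing it:  ", flow_allowed(fixed, "IT", "OT", "502"))
```

Against the constructed rule set the check reports the direct IT-to-OT Modbus allow and the any-port OT-to-IT allow, and the evaluator shows the Modbus flow is reachable from IT until the offending rule is removed, after which the terminal default deny catches it. Running such a check on every policy change is how a boundary that "held" this time keeps holding.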

Google and the First Suspected AI-Generated Zero-Day

The third element of the roundup concerns Google’s report of what the company believes is the "first zero-day exploit developed using artificial intelligence." The dossier provides no details regarding the vulnerable product, CVE identifier, CVSS severity, or patch status. The phrasing—"what it believes"—indicates this is Google's internal assessment rather than an external confirmation or a full technical disclosure.

"Americans lost more than $388 million last year to scams using cryptocurrency kiosks, according to the FBI"

The FBI data on crypto ATMs, cited by Anscombe, adds a dimension of direct economic impact on end-users. The $388 million lost in 2025 represents the proceeds of scams that use the physical interface of cryptocurrency kiosks as a bridge between social engineering and the fraudulent movement of funds. The dossier does not specify the technical dynamics of these scams or the total number of victims.

Why It Matters

The brief does not document specific corrective measures or detailed operational recommendations from the cited entities. Instead, it presents a three-part threat landscape: classic vectors that remain effective against essential infrastructure, AI-directed experimentation with mixed results, and a potential qualitative shift in the automated generation of exploits for unknown vulnerabilities.

The dossier does not specify whether the Polish water plants suffered physical damage, the exact nature of the data exfiltrated in Mexico, or the target of Google’s suspected AI zero-day. While these limits leave the operational risk assessment incomplete, they are sufficient to trace a clear trend: the convergence of offensive automation and unresolved structural vulnerabilities.

The source provides no guidance on patch timeframes, IT/OT segmentation controls, or password policy implementation. Any such inferences fall outside the documented content of the briefing.

FAQ

Is it confirmed that DynoWiper was used in the Polish water treatment plants?
No. The dossier explicitly links the attack vectors (weak passwords, internet exposure) but not the payload. DynoWiper itself is documented only in the attack on the Polish energy sector.

Who conducted the AI-directed attack in Mexico?
The dossier does not identify the responsible group. Attribution remains unknown.

Which product is vulnerable to the AI-generated zero-day reported by Google?
The dossier does not specify the product, CVE, or technical details of the flaw.

Information is based on the cited source and is current at the time of publication.
