Seven days. That is roughly how long it took this past week for the fundamental assumptions about AI and cybersecurity to get rewritten. Not in some theoretical future sense. Right now, in incident reports and SEC filings and press releases that landed between May 5 and May 12, 2026. Google's Threat Intelligence Group published the first confirmed evidence of an AI-generated zero-day exploit. OpenAI rolled out a cybersecurity-specific model and offered it to European regulators. Anthropic signed a deal with SpaceX for 300 megawatts of compute capacity and expressed interest in orbital data centers. Palo Alto Networks disclosed a CVSS 9.3 zero-day that had been exploited for nearly a month. And a company founded by a Robinhood co-founder raised $275 million to build rockets because there are not enough of them to put data centers in space.
These are not separate stories. They are chapters in the same narrative: the AI industry is rapidly building the infrastructure for a new kind of arms race, and the cybersecurity implications are cascading faster than most policy frameworks can absorb.
The First AI-Generated Zero-Day: Google's Discovery
On May 11, Google's Threat Intelligence Group (GTIG) dropped a report that will be cited in cybersecurity textbooks for years. For the first time, Google confirmed it had identified and stopped a zero-day exploit that was developed using AI. The exploit targeted an unnamed open-source, web-based system administration tool and was designed to bypass its two-factor authentication system. The attackers intended to use it for what GTIG described as a "mass exploitation event."
The vulnerability itself was a high-level semantic logic flaw, not a memory corruption bug or a buffer overflow. It is the kind of vulnerability that AI language models are uniquely good at finding: a developer hardcoded a trust assumption in the 2FA system, and the AI simply reasoned through the logic to find where that assumption could be subverted. This is precisely the type of bug that traditional fuzzing and static analysis tools struggle with, because they do not "think" the way an LLM does about the logical flow of a system.
GTIG found several telltale signs of AI involvement in the exploit code: an abundance of educational docstrings, a hallucinated CVSS score, and a "structured, textbook Pythonic format highly characteristic of LLMs training data." Google stated it has "high confidence that the adversary used an AI model" but does not believe Gemini was the specific model used.
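Two of the indicators GTIG lists, docstring density and a CVSS score that cannot be checked against anything, can be turned into a quick triage pass over a recovered Python script. This is an added example, not code from GTIG or from the original article; the function name `triage`, the thresholds and the sample script are assumptions constructed here, and the signals are weak hints for analyst review, not proof of LLM authorship.

```python
import ast
import re

# Thresholds are assumptions for this sketch, not values published by GTIG.
MIN_DEFS, DOC_COVERAGE, DOC_LINE_SHARE = 3, 0.9, 0.30
DEF_TYPES = (ast.ClassDef, ast.FunctionDef, ast.AsyncFunctionDef)

SCORE = re.compile(r"CVSS\b[^\n]{0,25}?\b(10\.0|\d\.\d)\b(?!/)", re.I)
VECTOR = re.compile(r"CVSS:\d\.\d/AV:[NALP]")   # a vector lets the score be recomputed
CVE_ID = re.compile(r"CVE-\d{4}-\d{4,}")        # a CVE lets the score be looked up

# Constructed, benign sample; not taken from any real exploit or report.
SAMPLE = '''\
# Severity: CVSS 9.1 (Critical)
"""Inventory helper: summarise host records."""

def load_hosts(rows):
    """Load host rows.

    Args:
        rows: iterable of (name, port) tuples.
    Returns:
        A list of dictionaries, one per host.
    """
    return [{"name": n, "port": p} for n, p in rows]

def open_ports(hosts):
    """Return the set of ports seen across all hosts."""
    return {h["port"] for h in hosts}

def describe(hosts):
    """Return a human-readable summary of the inventory."""
    return f"{len(hosts)} hosts, {len(open_ports(hosts))} ports"
'''


def triage(source: str) -> dict:
    """Return weak authorship signals for one Python source file."""
    lines = source.splitlines()
    defs = documented = doc_lines = 0
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, DEF_TYPES + (ast.Module,)):
            continue
        is_def = isinstance(node, DEF_TYPES)
        defs += is_def
        if ast.get_docstring(node) is not None:
            documented += is_def
            first = node.body[0]  # the docstring expression statement
            span = lines[first.lineno - 1:first.end_lineno]
            doc_lines += sum(1 for ln in span if ln.strip())
    total = sum(1 for ln in lines if ln.strip())
    coverage = documented / defs if defs else 0.0
    share = doc_lines / total if total else 0.0
    claims = SCORE.findall(source)
    signals = []
    if defs >= MIN_DEFS and coverage >= DOC_COVERAGE:
        signals.append("near-total docstring coverage")
    if share >= DOC_LINE_SHARE:
        signals.append("docstrings make up a large share of the file")
    if claims and not VECTOR.search(source) and not CVE_ID.search(source):
        signals.append("CVSS score with no vector or CVE to verify it against")
    return {"coverage": coverage, "doc_share": share,
            "cvss_claims": claims, "signals": signals}
```

Calling `triage(SAMPLE)` raises all three signals; a script that carries a CVSS vector or CVE identifier alongside its score does not raise the third.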
The significance here is difficult to overstate. For years, security researchers have debated whether AI would eventually be used to discover and weaponize vulnerabilities. The debate is over. It happened. And Google's assessment makes clear that this is not a one-off incident: GTIG noted that Chinese and North Korean threat actors, including APT27, APT45, UNC2814, UNC5673, and UNC6201, are already using AI models for vulnerability discovery and exploit development. Russian-linked actors are using AI-generated decoy code to obfuscate malware like CANFAIL and LONGSTREAM. A Russian operation called "Overload" used AI voice cloning to impersonate real journalists in fake videos promoting anti-Ukraine narratives.
The PromptSpy Android malware, documented by ESET earlier this year, was also highlighted in Google's report. It uses Gemini APIs for autonomous device interaction, including a hardcoded prompt that assigns a benign persona to bypass the LLM's safety filters and then calculates UI geometry to interact with the device automatically, including replaying authentication patterns like lock patterns and PINs.
Palo Alto's 34-Day Head Start For Attackers
Adding to the severity of the week: on May 6, Palo Alto Networks disclosed CVE-2026-0300, a CVSS 9.3 buffer overflow vulnerability in PAN-OS's User-ID Authentication Portal (the captive portal). The flaw allows unauthenticated attackers to execute code as root on internet-exposed PA-Series and VM-Series firewalls. Unit 42's threat intelligence team confirmed that exploitation had been tracked back to April 9, meaning attackers had been exploiting this vulnerability for nearly 34 days before patches were announced. Patches are scheduled for May 13.
A CVSS 9.3 root-level RCE on enterprise firewalls is about as serious as it gets in enterprise security. Firewalls are perimeter devices. If you can execute code as root on one, you own the network behind it. The 34-day exploitation window is a sobering reminder of the gap between vulnerability discovery and remediation, even for a vendor with Palo Alto's resources and urgency.
Palo Alto Networks firewalls are deployed across Fortune 500 enterprises, government agencies, and critical infrastructure worldwide. The 34 days of exploitation before patch availability left significant exposure for organizations that could not immediately disable the captive portal feature.
OpenAI's GPT-5.5-Cyber: The Defensive Response
On May 7, OpenAI rolled out GPT-5.5-Cyber, a specialized variant of its latest model designed specifically for high-impact cybersecurity research. Available in limited preview to vetted defenders responsible for securing critical infrastructure, GPT-5.5-Cyber sits at the top of a three-tier access framework:
- Standard safeguards
- Verified defenders, lower refusals
- Most permissive, red teaming & pen testing
The framework is OpenAI's attempt to thread a needle that seems impossible: give defenders enough capability to find and fix vulnerabilities before attackers do, while preventing the same capabilities from being weaponized. The Trusted Access for Cyber (TAC) layer gives verified defenders lower classifier-based refusals for legitimate workflows like vulnerability identification, malware analysis, binary reverse engineering, and patch validation, while continuing to block requests that could enable credential theft, stealth, persistence, or malware deployment.
But the timing is hard to ignore. The same week that Google confirmed AI-generated zero-days exist in the wild, OpenAI is rolling out a more capable offensive security model. The company argues this is precisely the point: defenders need AI tools that match or exceed what attackers can already access through open-source or leaked models. Starting June 1, 2026, all individuals accessing GPT-5.5-Cyber will be required to enable phishing-resistant account security protections.
The EU Regulatory Dimension
Perhaps more interesting than the model itself is the political maneuvering around it. OpenAI is in talks with the European Commission to grant EU authorities access to GPT-5.5-Cyber for identifying software vulnerabilities. This is a deliberate move to stay ahead of European regulators who have been pressuring AI companies about the offensive capabilities of their models, particularly after Anthropic's Mythos model became a flashpoint.
Politico reported that EU pressure is building on Anthropic over Mythos, with regulators demanding access and transparency for a model they believe poses significant cybersecurity risks if misused. Anthropic has so far resisted, keeping Mythos closed off from European regulators. OpenAI's willingness to offer access is both a genuine security gesture and a strategic positioning move: it makes the EU more likely to view OpenAI favorably when drafting AI safety regulations that could constrain the entire industry.
Anthropic, SpaceXAI, and Orbital Compute
On May 6, Anthropic announced a partnership with SpaceX, now rebranded as SpaceXAI after its merger with xAI, that is reshaping the compute landscape for AI. Anthropic will purchase all of the capacity at SpaceX's Colossus 1 data center in Memphis, Tennessee, amounting to more than 300 megawatts of compute power, housing over 220,000 NVIDIA GPUs. This is not a future plan. The capacity is available within the month.
The immediate effect: Anthropic is doubling rate limits for Claude Code across Pro, Max, Team, and Enterprise plans, removing peak-hour throttling, and significantly raising API rate limits for Claude Opus models. Dario Amodei, Anthropic's CEO, said the company is growing at an annualized rate 80 times last year's levels, far exceeding their planning assumption of 10x growth.
"As you saw today with the SpaceX compute deal, we're working as quickly as possible to provide more compute than we have in the past. We'll continue to do so." - Dario Amodei, CEO, Anthropic
But the truly futuristic part of the announcement was almost a footnote: Anthropic also expressed interest in partnering with SpaceX to develop multiple gigawatts of orbital AI compute capacity. This is not idle speculation. SpaceX filed plans in January 2026 to deploy up to one million satellites as orbital data centers, explicitly to serve AI compute demand. The company argues it is the only organization with the launch cadence, mass-to-orbit economics, and constellation operations experience to make orbital compute a "near-term engineering program rather than a research concept."
Anthropic's total compute agreements now include: the SpaceX Colossus 1 deal (300+ MW), an up to 5 GW agreement with Amazon (including nearly 1 GW by end of 2026), a 5 GW agreement with Google and Broadcom (coming online 2027), a strategic partnership with Microsoft and NVIDIA ($30 billion of Azure capacity), and a $50 billion investment in American AI infrastructure with Fluidstack. The orbital data center component, if realized, could add multiple additional gigawatts.
Cowboy Space and the Rocket Problem
The orbital compute vision has a problem: rockets. Or rather, the lack of them. On May 11, Cowboy Space Corporation, founded by Robinhood co-founder Baiju Bhatt, announced a $275 million Series B at a $2 billion valuation. The company, originally called Aetherflux and focused on space-based solar power, pivoted to orbital data centers when it realized the economics demanded it, and then pivoted again to building its own rockets when it could not find enough launch capacity.
Bhatt told TechCrunch he spoke to multiple launch providers but could not find sufficient capacity to scale an orbital data center business at unit economics that compete with terrestrial alternatives. His solution: build the rockets too. Cowboy Space plans to build data centers directly into the second stage of its rockets, a throwback to Explorer 1, America's first satellite, which was essentially a rocket stage filled with radio equipment. The first launch is targeted before the end of 2028.
The space data center race now includes SpaceX (1 million planned satellites), Blue Origin's Project Sunrise (up to 51,600 satellites), Starcloud (88,000 satellites, $170 million raised in March), Google's Suncatcher (targeting mid-2030s), and Cowboy Space. SpaceX's S-1 filing, however, warns that its orbital data center plans "involve significant technical complexity and unproven technologies, and may not achieve commercial viability," even as Elon Musk has publicly called space-based AI compute a "no-brainer."
AlphaEvolve: From Math Discoveries to TPU Design
Also on May 7, Google DeepMind published an update on AlphaEvolve, its Gemini-powered coding agent, showing how a tool initially designed to discover new mathematical results has scaled into a system that is now optimizing core infrastructure at Google. The breadth of impact is remarkable:
| Domain | Result |
|---|---|
| Genomics | 30% reduction in variant detection errors in DeepConsensus (PacBio collaboration) |
| Power Grids | AC Optimal Power Flow feasible solution rate: 14% to 88% |
| Earth Sciences | 5% accuracy improvement across 20 natural disaster prediction categories |
| Quantum Computing | 10x lower error quantum circuits for Google's Willow processor |
| Mathematics | Solved Erdős problems (with Terence Tao), improved TSP and Ramsey Number bounds |
| TPU Design | Proposed counterintuitive circuit designs now integrated into next-gen TPUs |
| Infrastructure | 20% reduction in write amplification for Google Spanner; 9% storage footprint reduction via compiler optimization |
| Logistics | 10.4% routing improvement for FM Logistic, saving 15,000+ km annually |
| Semiconductors | Multi-fold runtime speed increase for Substrate's computational lithography |
The TPU design achievement deserves special attention. Jeff Dean, Google's Chief Scientist, noted that AlphaEvolve "proposed a circuit design so counterintuitive yet efficient that it was integrated directly into the silicon of our next-generation TPUs." This is not an AI writing blog posts. This is an AI designing the silicon that runs other AIs. The recursive implication is significant: the next generation of AI hardware will have been designed, in part, by AI.
In cache replacement policy discovery, AlphaEvolve achieved in two days what previously required months of concerted human effort. It also discovered more efficient Log-Structured Merge-tree compaction heuristics for Google Spanner, reducing write amplification by 20%. These are not toy problems. Spanner is the database that powers Google's global infrastructure, and a 20% reduction in write amplification translates to real cost savings at Google's scale.
"AlphaEvolve began optimizing the lowest levels of hardware powering our AI stacks. It proposed a circuit design so counterintuitive yet efficient that it was integrated directly into the silicon of our next-generation TPUs." - Jeff Dean, Chief Scientist, Google DeepMind and Google Research
Google is now bringing AlphaEvolve to commercial enterprises via Google Cloud, with Klarna (doubling training speed), Substrate (semiconductor manufacturing), FM Logistic (logistics), and WPP (advertising) already on board. The commercialization of a research tool that can discover new mathematics and optimize TPU circuits is a significant milestone.
OpenAI's Voice Intelligence Push
Also on May 7, OpenAI released three new audio models that represent a significant leap in voice AI: GPT-Realtime-2 (voice with GPT-5-class reasoning), GPT-Realtime-Translate (live translation from 70+ input languages into 13 output languages), and GPT-Realtime-Whisper (streaming speech-to-text). The context window for GPT-Realtime-2 has been expanded from 32K to 128K tokens, and the model now supports adjustable reasoning effort (minimal, low, medium, high, xhigh).
The practical applications are immediate. Zillow is building a voice assistant that can reason through complex real estate queries like "find me homes within my BuyAbility, avoid busy streets, and schedule a tour for Saturday." Deutsche Telekom is building multilingual customer support. Priceline is working toward full trip management by voice. These are not demos. They are production deployments that depend on the model being able to understand what someone means, keep track of context, recover gracefully from interruptions, use tools while the conversation continues, and adjust tone appropriately.
On Big Bench Audio, GPT-Realtime-2 (high) scores 15.2% higher than GPT-Realtime-1.5. On Audio MultiChallenge for instruction following, GPT-Realtime-2 (xhigh) scores 13.8% higher. Zillow reported a 26-point lift in call success rate (95% vs 69%) after optimizing for GPT-Realtime-2, with materially better Fair Housing compliance, which is critical for a real estate platform.
The Second-Order Effects
Here is what makes this week genuinely different from previous "AI week" hype cycles: the second-order effects are now visible and structural.
1. The AI-Cyber Offense-Defense Asymmetry Is Inverting
For decades, the advantage in cybersecurity has favored the attacker. Attackers only need to find one vulnerability; defenders need to protect all of them. AI is inverting this, but in both directions simultaneously. Defenders now have AI tools that can reason about code logic, find semantic flaws, and automate patch validation at scale. But attackers have those same tools, and Google's report shows they are using them. The key insight from GTIG's findings: the AI-generated zero-day was a semantic logic flaw, not a memory corruption bug. This is the category of vulnerability where AI's reasoning capabilities provide the most leverage. We should expect many more of these.
2. Compute Is Becoming a Strategic Asset at the National Level
Anthropic's deal with SpaceXAI is not just a procurement agreement. It is a statement that compute capacity is now a strategic asset on par with energy infrastructure. The scale of the agreements Anthropic has assembled, totaling well over 10 GW across terrestrial and potentially orbital facilities, would have been unthinkable two years ago. And the EU's interest in GPT-5.5-Cyber is partly about cybersecurity, but it is also about sovereign access to AI capabilities. Countries that cannot secure compute will be at a structural disadvantage in both AI development and national security.
3. Orbital Compute Is Real Enough to Attract Billions
Cowboy Space's $275 million raise, SpaceXAI's million-satellite filing, Starcloud's $170 million, and Blue Origin's Project Sunrise collectively represent billions of dollars in bets that the future of AI compute is not entirely terrestrial. SpaceX's S-1 caveat about technical complexity and unproven technology is the honest assessment. But the sheer amount of capital flowing into orbital data centers suggests that the market believes the technical challenges are solvable, even if the timeline is uncertain.
4. AI Designing AI Hardware Creates a Feedback Loop
AlphaEvolve designing TPU circuits is not just a clever demo. It is the beginning of a feedback loop where AI optimizes the hardware that runs AI, which makes AI more capable, which can then design better hardware. The two-day cache replacement policy discovery that previously took months is a microcosm of this acceleration. When the optimization cycle compresses from months to days, the pace of hardware improvement becomes limited not by human engineering bandwidth but by manufacturing timelines and physical constraints.
What Happens Next
The immediate follow-ons are already visible. Palo Alto's patches for CVE-2026-0300 arrive May 13, and every enterprise security team should be checking their exposure. Google's report on AI-generated exploits will likely catalyze a wave of similar disclosures from other threat intelligence teams. OpenAI's GPT-5.5-Cyber access program will expand, and the EU's regulatory response to both OpenAI and Anthropic will shape the global framework for offensive AI capabilities. Anthropic's SpaceXAI deal will put pressure on competitors to secure similar compute arrangements, potentially accelerating more orbital data center investments.
The deeper shift is more fundamental. We have entered the era where AI is not just a tool used by cybersecurity teams. It is an active participant on both sides of the offense-defense equation, and its footprint is expanding into the physical infrastructure of computation itself, from terrestrial data centers to orbital satellites. The companies building AI models now need to think like infrastructure companies. The companies securing networks now need to think like AI researchers. And the regulators trying to govern all of this need to understand that the technology is moving faster than any regulatory cycle can match.
The week of May 5-12, 2026, did not change everything. It made visible what was already happening. The AI arms race in cybersecurity is not theoretical. The compute constraints are not temporary. The orbital ambitions are not science fiction. They are all happening now, simultaneously, and the systems we build in the next few years to manage them will determine whether AI becomes primarily a tool for defense or the most powerful offensive capability ever created.
Google stopped a zero-day hack developed with AI - The Verge, May 11, 2026
Google: Hackers used AI to develop zero-day exploit - BleepingComputer, May 11, 2026
Palo Alto Networks firewall zero-day exploited for nearly a month - BleepingComputer, May 7, 2026
Scaling Trusted Access for Cyber with GPT-5.5 and GPT-5.5-Cyber - OpenAI, May 7, 2026
Advancing voice intelligence with new models in the API - OpenAI, May 7, 2026
Higher usage limits for Claude and a compute deal with SpaceX - Anthropic, May 6, 2026
Anthropic to consider using SpaceX orbital data center satellites - SpaceNews, May 6, 2026
Cowboy Space raised $275M to build rockets for space data centers - TechCrunch, May 11, 2026
AlphaEvolve: How our Gemini-powered coding agent is scaling impact across fields - Google DeepMind, May 7, 2026
OpenAI offers EU access to new AI hacking model - POLITICO, May 2026
EU pressure builds on Anthropic over Mythos hacking risks - POLITICO, May 2026
OpenAI to give EU access to new cyber model; Anthropic still holding out on Mythos - CNBC, May 11, 2026