Matthew Berman, 41m

Everyone's getting hacked

TL;DR

  • Google says AI already found a real zero-day in the wild — Matthew Berman highlights Google Threat Intelligence Group’s first known case of a threat actor using an AI-developed zero-day exploit, while stressing Google’s own “proactive counterdiscovery” may have stopped a mass attack.

  • The Shai-Hulud npm worm shows how AI-era supply chain attacks scale fast — what started in npm spread across 373 malicious package versions and 169 package names, then crossed into PyPI, with a dead-man-switch payload that can wipe your home directory if a stolen GitHub token is revoked.

  • Vibe coding is expanding the attack surface at the exact wrong moment — Berman says more people are shipping more code without reviewing dependencies, while attackers now have AI to write malware, scan open-source repos, and automate obfuscation and credential abuse.

  • Frontier labs are building cyber-defense models, but they’re controlling access tightly — Anthropic’s unreleased Claude Mythos reportedly found a 27-year-old OpenBSD bug and a 16-year-old FFmpeg flaw, while OpenAI’s GPT-5.5 Cyber scored 81.9 vs. Mythos’s 83.1 and is being rolled out through trusted-access programs like Daybreak.

  • His core thesis is “my AI versus your AI” — borrowing Jensen Huang’s framing, Berman argues the best-funded actors will likely have stronger defensive models than criminals, because training and running top-tier AI takes massive compute, electricity, and billions of dollars.

  • The real near-term danger is the long tail getting attacked profitably — even if small malicious groups can’t beat U.S.- or China-level models, open-source AI can still make low-value attacks on individuals, startups, and poorly defended teams suddenly worth doing at scale.

The Breakdown

The moment he says AI hacking stopped feeling theoretical

Berman opens by saying this is the first time AI has genuinely made him worried. The trigger is Google’s report that a threat actor used AI to develop a real zero-day exploit in the wild — the kind of bug people usually hoard because it’s so valuable — though Google says its own counterdiscovery may have prevented a wider attack.

Shai-Hulud and the npm worm eating the internet

He then jumps to the ongoing Shai-Hulud worm, which he describes as “basically taking over the internet right now.” The attack started in npm, spread across 373 malicious package versions and 169 package names including UiPath and Tallyui, then crossed into PyPI; the nastiest detail is a dead-man switch that can nuke your home directory if you revoke the GitHub token it stole.

Why AI makes this wave of attacks worse

Berman leans on a simple explanation: far more code is being written, and far more people are shipping AI-generated code without really checking what got installed. He admits he’s guilty too, then connects that to attackers waking up after credential thefts like Team PCP, creating a world where AI dramatically increases both attack volume and attack surface.

Vercel’s breach and the speed of AI-assisted attackers

To show this isn’t abstract, he points to Vercel’s April 2026 security incident. CEO Guillermo Rauch said an employee was compromised through a breach tied to an AI platform called context.ai, and Berman zeroes in on Rauch’s line that the attackers moved with “surprising velocity and in-depth understanding of Vercel,” which he strongly suspects was accelerated by AI.

Google’s report: AI is now useful at every stage of the attack chain

From there he walks through Google’s broader findings: AI for vulnerability discovery, exploit generation, malware development, defense evasion, and autonomous operations. His framing is blunt — if AI can help you build a toy app in hours, it can help attackers build entire hacking suites, obfuscation layers, and always-on agents that keep probing systems indefinitely.

Mythos, GPT-5.5 Cyber, and the labs’ split-screen strategy

Berman says the frontier labs are not sitting still, and Anthropic’s Claude Mythos is his clearest example. Anthropic reportedly gave the 10-trillion-parameter model to companies like AWS, Apple, Google, Nvidia, Palo Alto Networks, and JPMorgan after it found a 27-year-old OpenBSD bug, a 16-year-old FFmpeg flaw, and chained Linux kernel exploits — but Anthropic kept it unreleased, which he calls very on-brand and also “fear-based marketing,” especially after OpenAI launched GPT-5.5 Cyber anyway.

His big argument: bigger model beats smaller model

This is where he brings in Jensen Huang’s “my AI versus your AI” logic. Berman thinks top defensive AI will usually beat criminal AI because the best models require insane amounts of compute, electricity, money, and talent — resources rogue groups don’t have — so the strongest systems will mostly come from major states and frontier labs.

The part that still worries him: profitable attacks on the long tail

Even with that optimism, he says AI changes the economics of attacking smaller targets. Individuals, startups, and lightly defended teams used to be too low-value to justify much effort, but open-source models and cheap automation make high-volume, lower-value attacks newly profitable. That is why he also warns about deepfakes and phishing, and even suggests setting a family passphrase so your parents don’t get fooled by an AI-generated FaceTime call.