A researcher identified five distinct exploit paths that stem from an architectural weakness in how Windows Remote Procedure Call (RPC) handles connections to unavailable services. The discovery highlights a fundamental vulnerability in a critical Windows system component that could be leveraged for elevated privilege attacks or lateral movement.
Executive Summary

Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments:

Vulnerability Discovery and Exploit Generation: For the first time, GTIG has identified a threat actor using a zero-day exploit that we believe was developed with AI.