AI at the Wheel: When Hacking Stops Needing a Human" published: false description: "Five threats from late May 2026 mark an inflection point.

Dennis Kim Posted on May 30           AI at the Wheel: When Hacking Stops Needing a Human" published: false description: "Five threats from late May 2026 mark an inflection point. # ai # security # cybersecurity # web3 — AI is crossing from a hacking tool to an autonomous operator that decides and acts on its own. A field analysis. full document For two years, "AI in offensive security" mostly meant one thing: a faster human. Attackers used large language models to write phishing emails, draft malware, translate lures, or summarize stolen data. The model was a power tool. A human still held it. A cluster of incidents disclosed in late May 2026 quietly broke that assumption. In at least one case, the human let go of the wheel — and the attack kept driving. I publish an independent, OSINT-based CTI archive (TLP:GREEN), and over the past week I released five reports in four languages that, read together, sketch the same arc: AI is moving from a tool you point at a target to an operator that picks the target's locks by itself. Here is the field view. The spectrum: tool → operator → attack surface It helps to think of AI's role in an intrusion as a spectrum, not a switch. AI as a tool — the model accelerates a human-run attack (phishing copy, malware scaffolding, cryptojacking automation). The judgment is still human. AI as an autonomous operator — the model interprets live output and decides the next action with no human in the loop. The judgment is the model's. AI as an attack surface — the trust users place in AI output becomes the thing being exploited. The model is the victim's blind spot. Most of 2026's headlines still live in the first bucket. What makes this batch notable is that it spans all three — and includes the first credible public case of the second. 1. Marimo: the first AI-agent-driven intrusion This is the headline. Sysdig's Threat Research Team documented an intrusion where a large language model agent autonomously ra