How Hackers Are Using AI
... and your martech stack is a target they’re already mapping
Last week, Google’s threat intelligence team caught a cybercrime group using AI to build a zero-day exploit. It was the first time Google had caught an AI-generated zero-day in the wild, but it will not be the last. For CMOs who have not thought about AI security as a marketing problem, 2026 is the year to start.
On May 11, Google’s Threat Intelligence Group published a report that should reset how marketing leaders think about their vendor relationships. Security researchers said they believe a cybercrime group used artificial intelligence to create a hacking tool that can bypass defenses in a widely used system administration tool, designed for mass exploitation and foiled only when Google alerted the affected vendor before launch.
Google noted that the zero-day was designed to bypass two-factor authentication, and that the attack code contained tell-tale signs of AI authorship: an abundance of educational docstrings, a hallucinated CVSS score, and a structured, textbook Pythonic format highly characteristic of LLM training data. In other words, the AI left fingerprints. Defenders caught it this time partly because they knew what AI-generated attack code looks like, but they may not always have that advantage.
Google highlighted that Chinese and North Korean state-sponsored threat actors have been particularly interested in leveraging AI to discover vulnerabilities. The threat is not limited to infrastructure attacks on government systems. The same tools are being turned on commercial software, SaaS platforms, and the sprawling vendor ecosystems that marketing organizations have assembled over the past decade.
How Fast the Threat Landscape Has Changed
Time to exploit (the time from when a vulnerability is publicized until an exploit is discovered in the wild) has fallen from over 700 days in 2020 to just 44 days in 2025. Mandiant’s M-Trends 2026 report found that this number has effectively gone negative: exploits are now arriving before patches, with 28.3% of CVEs exploited within 24 hours of disclosure.
In 2022, there were 55,000 malicious packages in public repositories. By 2025, that number had grown to 454,600, with notable leaps in 2023 when GPT-4 was released, and in 2025, a marquee year for agentic coding.
AI has lowered attack barriers dramatically. In February 2025, three teenagers with no coding background used ChatGPT to build a tool that hit a mobile network system 220,000 times. In July 2025, a single actor using an agentic AI coding platform conducted an extortion campaign targeting 17 organizations over one month, using AI to develop malicious code, organize stolen files, analyze financial records to calibrate demands, and draft extortion emails.
But AI is not replacing sophisticated human attackers - it is just enabling previously unsophisticated actors to operate at the level of sophisticated ones, while enabling sophisticated actors to operate at an unprecedented scale.
The Supply Chain Attack Is the Marketing Attack
The Google zero-day report describes a specific attack type - a vulnerability in a widely-used tool, exploited by AI-generated code designed for mass deployment. This category, the supply chain compromise, is the one marketing organizations should be most focused on, because it targets exactly the kind of interconnected vendor ecosystem that marketing functions have built.
Attackers are deliberately targeting the tools developers are told to trust most: security scanners, password managers, and other high-privilege software wired directly into developer environments. “They know these products are deeply embedded, highly trusted, and often massively overprivileged. That makes them incredibly effective choke points for both data theft and downstream propagation.”
The most significant supply chain incident of 2026 illustrates this directly. In late March, attackers compromised LiteLLM - an open-source tool used to enable communication between different AI models, present in roughly 36% of cloud environments. The compromised packages were available for only around 40 minutes, but LiteLLM sees millions of downloads per day, meaning organizations running automated pipelines may have unknowingly pulled the malicious code during that brief window. The downstream cascade affected thousands of organizations, including Mercor (a $10 billion AI training startup working with OpenAI and Anthropic) whose breach exposed 4 terabytes of data, including AI training secrets and the personal data of over 40,000 individuals.
The Mercor incident illuminates a structural risk the marketing technology industry has not seriously confronted: when dozens of marketing platforms share the same underlying AI infrastructure dependencies, a single compromise can cascade across the entire stack simultaneously. Your email platform, CDP, analytics tool, and ad tech vendor may all be running the same LiteLLM integration. A 40-minute compromise window is one that touches every one of them at once.
What the Martech Stack Looks Like to an Attacker
Only 37% of organizations have implemented appropriate safeguards for the AI tools they already use, despite 66% expecting AI to play a major role in shaping cybersecurity in 2025. The gap between expectations and implementation is the one attackers are exploiting.
The specific vulnerabilities in marketing technology stacks that make them attractive supply chain targets are not exotic: shadow AI tools adopted by individual team members without IT review; OAuth grants and browser extensions that quietly expand the trust graph without permission audits; SaaS integrations connected to customer data repositories without data minimization review; AI tools processing customer PII without the security standards applied to core enterprise systems.
The AI Stack Inventory template this Substack released last month exists partly to address this. Knowing what AI tools are in your stack, what data they access, and what vendor accountability gaps exist is the prerequisite for any security posture at all. An organization that cannot answer those questions has not yet begun to address the supply chain risk the Google zero-day report illustrates.
The Marketing Governance Implications
For CMOs, the AI security question intersects with governance in three specific ways.
Vendor diligence now has a security dimension that marketing rarely owned. The vendor diligence checklist in this series covers training data, bias testing, and incident notification. It should now also include: what is the vendor’s software dependency review process? Do they monitor open-source packages for supply chain compromise? What is their mean time to notify customers of a security incident? These are questions marketing has historically deferred to IT. In a world where AI tools are procured by marketing teams and managed as marketing infrastructure, they belong in the conversation about marketing governance.
Customer data in AI tools is a breach surface, not just a compliance question. Most discussions of customer data in marketing AI tools focus on privacy compliance - GDPR, CCPA, the EU AI Act. The supply chain attack vector reframes this: customer data processed by an AI tool running on compromised infrastructure has been exfiltrated, regardless of whether the marketing team did anything wrong. The legal and reputational exposure of a customer data breach originating in a compromised martech vendor is identical to one originating in the marketing team’s own systems.
The brand damage from a downstream breach lands on the CMO. When a supply chain compromise reaches a marketing platform and exfiltrates customer data, the customer does not receive a notification that says “your data was stolen from LiteLLM.” They receive one that says “your data was stolen from [Brand].” Accountability for the customer relationship, trust repair, and public communications rests with the CMO - regardless of where in the vendor chain the breach originated.
Hackers are rapidly adopting AI to find previously unknown software flaws. The marketing technology ecosystem is a target-rich environment. The zero-day that Google caught last week was the first AI-generated exploit they had documented. It will not be the last, and the defensive infrastructure of most marketing organizations has not kept pace.
Ethicore Advisors Author’s Note
Craig McDonogh is the founder of Ethicore Advisors and the author of the forthcoming book “Guardrails: How to Embrace AI Without Damaging Your Brand.” He advises CMOs and senior marketing leaders on AI governance, reputational risk, and responsible deployment. The AI Stack Inventory Template, Governance One-Pager, and Regulatory Tracker are available on our resources page. If your organization is auditing its martech security posture and vendor diligence practices, Ethicore Advisors is where that conversation starts.