
AI finds the vulnerabilities, but exploiting them is a different problem.

ID: 8d24f895-d2bf-5006-a2c8-e1a0362df171

STIX ID: report--8d24f895-d2bf-5006-a2c8-e1a0362df171

Feed Name: Sophos Blogs

Threat Score: 72/100

Date Published: 2026-05-01

Date Updated: 2026-05-05


Sophos outlines how AI accelerates vulnerability discovery but does not produce new exploitation primitives, and argues that architectural, default-on endpoint mitigations are the most durable defense. The report describes an April 2026 supply-chain compromise of CPU-Z that delivered a signed, trojanized installer, which loaded a malicious CRYPTBASE.dll to run an in-memory RAT with credential theft on 150+ systems. The case shows that abuse of legitimate functionality and primitive-level behavior are central risks.
