Alibaba's published a paper giving a strong example of what Sundar Pichai is warning about.

Rohan Paul Twitter · Rohan Paul (@rohanpaul_ai) · 2026-05-17

Alibaba researchers publish a paper showing LLMs can move beyond identifying software bugs to actively confirming that vulnerabilities are exploitable, escalating AI's role in offensive cybersecurity.

Open original ↗

Appears in

AI as an Offensive Cybersecurity Threat

Extraction

Topics: ai-securityllm-capabilitiesvulnerability-researchoffensive-security

Claims

LLMs can now verify that software vulnerabilities are exploitable, not merely detect their existence.
This capability shift represents a meaningful escalation from passive bug-finding to active exploit confirmation.
Alibaba's findings illustrate a concrete instance of AI security risks that Sundar Pichai and others have warned about.

Key quotes

Shows AI is moving beyond bug finding and into actually proving software is exploitable.

can LLMs confirm software [is exploitable]