Google CEO Sundar Pichai said AI models could break widely used software and prices for zero-day exploits on the black market could fall. The comments came during a conversation about the Cheeky Pint Podcast with Patrick Collison, CEO of Stripe.
What Pichai said
The discussion touched on the constraints facing building AI infrastructure as Pichai turned to security as a less visible risk.
Pichai said:
“These models are definitely going to break just about any software. Maybe we don’t already know that as we sit here and talk.”
Elad Gil mentioned hearing that zero-day black market prices were falling because AI was increasing the supply of detectable vulnerabilities. Pichai said he was “not surprised at all,” although he did not cite any specific pricing data.
Pichai presented security threats as a hidden constraint on AI deployment, alongside memory and energy provisioning. He said the situation would require “more coordination, which is not the case today” and predicted a potential “difficult moment” ahead.
“I don’t think you can wish them away,” Pichai said.
What the data shows
Google Threat Intelligence Group tracking 90 zero-day exploits used in attacks in 2025, up from 78 in 2024. Nearly half targeted enterprise software, a record high.
The GTIG report predicts that AI would “accelerate the ongoing race between attackers and defenders” in 2026. It states that adversaries will likely use AI to accelerate reconnaissance, discovery of vulnerabilities and development of exploits.
While Pichai and Gil described a fall black market prices, industry reports in the separate commercial exploitation market showed that prices were maintained or increased in some categories as sellers toughen up their products.
Why it matters
Every website runs on software with potential vulnerabilities. WordPress plugins, server configurations, third-party scripts, and authentication systems are all part of the attack surface that AI-assisted exploit discovery could target more quickly.
If AI accelerates the rate at which vulnerabilities are discovered and exploited, the window between an existing vulnerability and an attacker using it shortens. This puts more pressure on maintaining current patches and auditing their dependencies.
Google’s threat data shows an increase in the volume of exploits and an acceleration in AI discovery, although the pricing claim lacks detail.
Looking to the future
Pichai’s comments were conversational and did not constitute a formal statement of Google policy. But they come from someone who oversees both the company’s AI models and its threat intelligence operations.
Gap between AI capabilities and security readiness is a theme Google threat researchers have documented with increasing urgency. The GTIG report expects AI to accelerate both offense and defense.
Featured image: FotoField/Shutterstock
