Welcome back to 4IR. Here’s today’s lineup:

• AI hacking tool exploits zero-day vulnerabilities in under 10 minutes - Check Point reveals weaponized AI that turns script kiddies into elite hackers, 540% spike in prompt injection attacks

• Google bets smart home dominance on Gemini AI - New Nest cameras with natural language search, $23 Walmart partnership undercuts competition, Home Speaker launching Spring 2026

• Meta mining AI conversations for ads starting December 16 - 1 billion Meta AI users can’t opt out of data collection, UK/EU exempted, notification rollout starts October 7

AI hacking tool exploits zero-day vulnerabilities in under 10 minutes

The story: Check Point dropped a report today showing that Hexstrike-AI, originally a defensive penetration testing tool, is now weaponized on the dark web. The AI autonomously directs 150+ specialized agents to find and exploit zero-day vulnerabilities in under 10 minutes—a process that used to take elite hackers days or weeks. Cybercriminals are calling it a transformation from “coder-workers” to “operators.”

What we know:

• HackerOne’s annual report shows prompt injection attacks surged 540% year-over-year

• Overall AI vulnerabilities increased 200%, AI program adoption up 270%

• 70% of security researchers now use AI tools, autonomous “hackbots” submitted 560+ valid vulnerability reports

• Bug bounty programs paid $81 million in 2025, 13% increase

• Citrix announced three major zero-day vulnerabilities in NetScaler products same day

Why it matters: The gap between offensive and defensive AI capabilities just became a chasm. When weaponized AI can autonomously exploit vulnerabilities in minutes, the entire cybersecurity model breaks. Every company deploying AI is simultaneously creating and facing new attack surfaces they don’t fully understand.

Here’s the real problem: democratization. Elite hacking used to require years of expertise. Now it requires a dark web purchase and basic operational knowledge. HackerOne CEO Kara Sprague said “AI demands a different approach to risk and resilience,” which is corporate-speak for “we don’t know how to defend against this yet.” The timing with Citrix’s zero-days isn’t coincidence—it’s a preview of the new normal.

Google bets smart home dominance on Gemini AI

The story: Google announced a full lineup of Gemini-powered smart home devices today: Nest Cam Indoor ($99.99), Outdoor ($149.99), and Doorbell ($179.99) with 2K HDR video. The real move is “Ask Home”—natural language video search that lets you say “show me when the dog escaped” instead of scrubbing through hours of footage. They’re also launching budget devices with Walmart: $22.96 indoor camera and $49.86 doorbell, both with Gemini features.

What we know:

• All devices feature 2K HDR video, 152-166° field of view, DXOMARK #1 rankings

• “Ask Home” provides natural language search, AI-generated Home Brief summaries

• Free event video history doubles to 6 hours from previous generations

• Walmart partnership brings Gemini to sub-$25 price points

• Google Home Speaker with dedicated Gemini processing launching Spring 2026 at $99.99

• Early access begins end of October for US, Canada, UK, Ireland, Australia

Why it matters: Google is using AI to differentiate against Amazon Alexa’s smart home dominance. While Amazon focused on voice shopping and integrations, Google bet on language understanding. If “show me when the dog escaped” actually works reliably, that’s a feature worth paying for.

The Walmart play is critical. Amazon owns the budget smart home market through sheer volume and Prime integration. Google can’t compete on price or logistics, so they’re competing on AI capabilities at mass-market prices. The Spring 2026 speaker with custom Gemini processing signals this is a multi-year platform play, not just a product refresh. The question is whether consumers care enough about better AI to switch ecosystems.

Meta mining AI conversations for ads starting December 16

The story: Meta announced today that starting December 16, all interactions with Meta AI—text and voice—will feed their ad targeting and content personalization across Facebook and Instagram. If you use Meta AI, you can’t opt out. UK, EU, and South Korea are exempted due to GDPR. Conversations about religion, sexual orientation, politics, health, or race won’t be used for ad targeting, but everything else is fair game.

What we know:

• Meta AI hit 1 billion monthly active users in May 2025

• Policy change notifications begin October 7

• No opt-out for users who engage with Meta AI (except UK/EU/South Korea)

• Sensitive topics excluded from ad targeting: religion, sexual orientation, politics, health, race/ethnicity

• Applies to both text and voice conversations with Meta AI

Why it matters: Meta just turned their AI assistant into the world’s largest focus group. Every question you ask Meta AI about products, travel, recipes, or problems becomes training data for showing you ads. With 1 billion users, that’s an unprecedented dataset for predicting purchase intent.

Here’s what’s not said: Meta can claim they’re excluding “sensitive topics” from ad targeting, but they’re absolutely using those conversations to improve their AI models. The regional exemptions prove they could offer opt-out globally—they’re choosing not to because the business model depends on it. The December 16 timing gives users two months to forget about the October notifications before data collection starts. Smart if cynical.

Note: Commentary sections are editorial interpretation, not factual claims