Google threat researchers have documented confirmed AI-assisted exploit development and nation-state operationalization of large language models including Gemini and Claude across the full attack lifecycle. Simultaneously, attacks targeting AI development environments, ML dependency pipelines, and a disclosed-and-patched AI CLI tool vulnerability confirm that AI toolchain supply chain risk is active. No formal CVE assignment exists for this campaign cluster; risk must be assessed from exposure conditions rather than CVSS scoring.