The threat has reached a historic milestone. For the first time, a zero-day exploit developed with the aid of AI by cybercriminals has been identified.
For cybersecurity managers, the challenge is changing in nature. Where traditional scanning tools (fuzzers, static analysis) hunt for memory or syntax errors, state-of-the-art language models now excel at detecting semantic, logical flaws.
AI is capable of “reading” a developer’s intent and spotting trust exceptions or strategic anomalies that may appear functionally correct to conventional scanners.
The Attack at Machine Speed
According to the latest report from Google Threat Intelligence Group (GTIG), there is a critical shift toward agentic workflows. State-linked groups (notably the PRC and DPRK) are using frameworks like Hexstrike or Strix to orchestrate complex tasks without constant human oversight.
- Hexstrike uses temporal knowledge graphs to maintain the state of an attack surface and autonomously pivot between different reconnaissance tools.
- PROMPTSPY, an Android malware, uses AI agents to interpret the victim’s UI in real time and generate dynamic execution commands (clicks, swipes) based on shifting objectives.
To support these operations, attackers have professionalized their access to AI models. They employ automated onboarding pipelines to create thousands of premium accounts, bypassing CAPTCHAs and SMS verifications.
Middleware tools such as Claude-Relay-Service or CLI-Proxy-API enable criminal groups to pool accounts (OpenAI, Gemini, Claude) at a single entry point, thereby masking their traffic patterns and making detection by AI providers extremely challenging.
AI Supply Chain, the New Weak Link
Attackers are not merely using AI; they are targeting it. The report identifies a surge in attacks on the AI software supply chain.
Popular integration libraries such as LiteLLM or agent frameworks like OpenClaw have been targeted with the insertion of malicious components or trojanized configurations. The objective is to steal cloud API keys (AWS, GitHub) or gain initial access to AI production environments to exfiltrate data at scale.
Faced with this escalation, defensive strategy must rest on three pillars.
- Automating remediation: Tools like Big Sleep (vulnerability discovery) and CodeMender (automatic code repair via Gemini) show that AI can dramatically shrink the exposure window.
- Securing the components: Systematic scanning of AI “skills” marketplaces (such as ClawHub) using behavioral analytics tools becomes imperative.
- Adopting structured frameworks: Google recommends implementing the Secure AI Framework (SAIF) to design and deploy resilient AI systems.
