AI-Assisted Cyberattacks

AI models are now actively used by threat actors across the full offensive lifecycle: vulnerability discovery, exploit development, malware creation, and operational support.

What Changed in 2026

Previously, AI in security was theoretical or limited to research. Google TIG’s 2026-05-11 disclosure confirmed the first in-the-wild AI-generated zero-day exploit code: a 2FA bypass Python script in which AI fingerprints (hallucinated CVSS scores, educational docstrings, LLM-characteristic code structure) were clearly identifiable.

AI in the Offensive Lifecycle

Vulnerability discovery: AI compresses the time from patch release to working exploit. APT45 sent thousands of repetitive CVE analysis prompts. AI reduces expert-level vulnerability analysis to a commodity operation.

Exploit generation: AI can write working exploit code. The 2FA bypass required valid credentials but exploited a semantic logic flaw, a class of bug that humans often overlook but AI can enumerate systematically.

Malware development: Russia-nexus actors used LLM-generated decoy code in CANFAIL and LONGSTREAM malware. APT27 used Gemini for application development (fleet management), suggesting AI serves as a development accelerator for custom tooling.

Operational support: UNC2814 used Gemini for jailbreaking research. UNC6201 automated premium LLM account registration to bypass usage limits — treating AI APIs as infrastructure to be exploited.

AI Fingerprinting

LLM-generated exploit code leaves detectable markers:

  • Educational/explanatory docstrings
  • Hallucinated metadata (CVSS scores, CVE IDs)
  • Textbook-clean Pythonic structure
  • Detailed help menus and ANSI formatting
  • Consistent style with no personal quirks

These markers enabled Google’s high-confidence AI attribution — but will erode as actors learn to strip them.
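
A triage heuristic for four of the markers listed above, as an added example that is not from Google's analysis or the original page: it scores one Python file for docstring coverage, CVE/CVSS claims, argparse help text and ANSI escapes. The function names, thresholds and the sample script (with a placeholder CVE id) are assumptions constructed for illustration.

```python
import ast
import re

# Free-text vulnerability metadata; an analyst still has to check each claim
# against the real advisory to decide whether it is hallucinated.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
CVSS_RE = re.compile(r"\bCVSS[^\n\d]{0,20}\d{1,2}\.\d\b", re.I)
# ANSI colour escapes as they appear in source text (\033[..m, \x1b[..m, \e[..m).
ANSI_RE = re.compile(r"\\(?:033|x1b|e)\[[0-9;]*m", re.I)

# Constructed, harmless sample (placeholder CVE id) standing in for a script under triage.
SAMPLE = r'''
"""Checker for CVE-0000-00000 (CVSS score: 9.8). For educational use only."""
import argparse
GREEN = "\033[92m"

def build_parser():
    """Create the command-line parser and explain each option to the user."""
    p = argparse.ArgumentParser(description="demo")
    p.add_argument("--target", help="Base URL of the service to check")
    p.add_argument("--user", help="Account name used for the request")
    return p

def main():
    """Parse the arguments, then print a coloured status line."""
    print(GREEN + "[+] " + build_parser().parse_args().target)
'''

def fingerprint(source: str) -> dict:
    """Collect evidence for four of the markers from one Python source file."""
    tree = ast.parse(source)
    nodes = list(ast.walk(tree))
    defs = [n for n in nodes
            if isinstance(n, (ast.FunctionDef, ast.AsyncFunctionDef, ast.ClassDef))]
    documented = sum(1 for n in defs if ast.get_docstring(n))
    help_args = sum(1 for n in nodes
                    if isinstance(n, ast.Call) and isinstance(n.func, ast.Attribute)
                    and n.func.attr == "add_argument"
                    and any(kw.arg == "help" for kw in n.keywords))
    claims = set(CVE_RE.findall(source)) | set(CVSS_RE.findall(source))
    return {"docstring_ratio": documented / len(defs) if defs else 0.0,
            "metadata_claims": sorted(claims),
            "help_args": help_args,
            "ansi_codes": len(ANSI_RE.findall(source))}

def score(ev: dict) -> int:
    """Number of markers that fire; the thresholds are assumptions."""
    return sum([ev["docstring_ratio"] >= 0.8, bool(ev["metadata_claims"]),
                ev["help_args"] >= 2, ev["ansi_codes"] >= 1])
```

A high score is a prompt for analyst review rather than proof of LLM authorship, and the "consistent style" marker is left out because it needs a baseline of the author's other code.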

Shadow APIs as Attack Surface

CISPA research documented 17 shadow APIs providing unauthorized Claude/Gemini access. These proxy services:

  • Capture all prompts and responses (intelligence collection risk)
  • Enable fine-tuning on exfiltrated data
  • Degrade model quality (Gemini-2.5-flash: 83.82% → 37% accuracy on medical benchmarks)

Implications

  • The exploit development lifecycle is compressing: less time passes between vulnerability disclosure and active exploitation
  • Nation-state actors have already operationalized AI tooling across multiple threat groups simultaneously
  • Attribution via AI code fingerprints is possible now but not permanent
  • Defenders need AI-aware threat intelligence, not just traditional IOC-based detection