AI Tools Shift Into Live Cyber Operations Across Crime and Espionage
Check Point Research reported that AI use in offensive cyber operations advanced from planning support to direct execution during March and April, with commercial tools such as Claude Code appearing in live criminal, ransomware, mass-exploitation, and state-linked espionage activity. The report cites persistent AI-assisted operations tied to the breach of nine Mexican government agencies and the Bissa Scanner mass-exploitation platform, and says attackers are increasingly using AI to accelerate reconnaissance, exploitation, and post-compromise actions in ways that closely resemble skilled human operators.
The report also identifies new attack surfaces and scaling effects created by enterprise AI adoption. Agentic configuration artifacts including CLAUDE.md, hooks, settings files, and MCP-related files were described as targets for jailbreaks, supply-chain compromise, and credential theft, while the EvilTokens platform was highlighted for using LLMs to automate token theft, email analysis, business email compromise, and multilingual fraud. Check Point said AI is shrinking the patch window for defenders by speeding flaw discovery and weaponization, pointing to exploitation of an LMDeploy SSRF issue within 12 hours of disclosure, while warning that existing victim-side controls remain poorly suited to detecting AI-executed intrusions.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
8 events from the most recent confirmed update back to the earliest known activity.
Intezer details attacker access routes to LLM inference services
On 2026-06-03, Intezer published research describing five ways threat actors obtain LLM inference access, including underground offensive LLMs, crypto-funded intermediaries, leaked API keys, free-tier APIs, and exposed self-hosted servers. The report said exposed self-hosted LLM servers were the most durable abuse path and documented open instances across multiple AI platforms, including signs of active compromise on 14 LocalAI hosts.
Anthropic maps 832 AI-enabled cyber abuse cases to MITRE ATT&CK
On 2026-06-03, Anthropic published an analysis of 832 accounts banned for malicious cyber activity between March 2025 and March 2026, concluding that attackers are using AI deeper into the intrusion lifecycle, including post-compromise tasks such as account discovery and lateral movement. The report also said MITRE ATT&CK does not yet adequately capture AI-enabled behaviors like autonomous orchestration and agentic execution, and noted discussions with MITRE about evolving the framework.
ASEC highlights WormGPT-to-AI-malware expansion
An ASEC article described the evolution of AI-powered cybercrime from early malicious LLM services such as WormGPT into a broader ecosystem that included paid SaaS tools, open-source releases, local uncensored models, and AI-embedded malware such as Promptflux and Promptspy. The report said AI use had expanded beyond phishing content generation into reconnaissance, exploit validation, credential triage, attack orchestration, and malware self-modification.
Check Point publishes March-April 2026 AI threat landscape digest
On 2026-05-26, Check Point Research published a digest summarizing March–April 2026 AI-related cyber threat activity. The report concluded that agentic AI configuration files had become a persistent attack surface and that existing victim-side controls were poorly suited to detecting AI-executed operations.
LMDeploy SSRF exploited within 12 hours of disclosure
In the March–April 2026 period, attackers were reported to have exploited an LMDeploy SSRF vulnerability within 12 hours of its disclosure. The case was presented as evidence that AI is compressing the time between vulnerability disclosure and weaponization.
EvilTokens phishing platform enabled AI-driven token theft and BEC
During March–April 2026, the EvilTokens platform was described as operationalizing LLMs for token theft, email analysis, business email compromise generation, and multilingual fraud at scale. This marked a concrete example of AI-enabled phishing infrastructure being used in the wild.
Bissa Scanner mass-exploitation platform operationalized AI tooling
During March–April 2026, the Bissa Scanner mass-exploitation platform was highlighted as another case where commercial AI tooling was used in active offensive operations. The activity illustrated AI use in scalable criminal exploitation rather than only pre-attack assistance.
Breach of nine Mexican government agencies used Claude Code
During March–April 2026, attackers reportedly used the commercial AI tool Claude Code persistently in a live intrusion affecting nine Mexican government agencies. The case was cited as evidence that AI had moved from planning support into real-time operational deployment.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
7 references tracked. Mallory keeps watching after this page renders.
AI is helping low-skill hackers pull off advanced cyberattacks - Help Net Security
helpnetsecurity.com
Open source‘These sorts of post-compromise techniques used to be restricted to actors with the technical knowledge to carry them out’: Anthropic warns AI is helping lower the bar for up-and-coming hackers | IT Pro
itpro.com
Open sourceHow attackers are gaining access to LLM inference - Intezer
intezer.com
Open sourceWhat we learned mapping a year’s worth of AI-enabled cyber threats \ Anthropic
anthropic.com
Open sourceThe AI-Embedded SOC: An Operating Model for the Asymmetry Era | by Omar Tarek Zayed | May, 2026 | Detect FYI
detect.fyi
Open sourceThe proliferation and evolution of AI-powered hacking tools - how generative AI has changed the cyber attack ecosystem and response strategies - ASEC
asec.ahnlab.com
Open sourceAI Threat Landscape Digest March-April 2026 - Check Point Research
research.checkpoint.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Enabled Threats and Security Failures Across Edge Devices, AI Agents, and Infostealer Campaigns
Threat actors are increasingly operationalizing AI and automation to scale attacks and exploit weak controls across both enterprise and consumer environments. An open-source offensive platform dubbed **CyberStrikeAI**—a Go-based “AI-native security testing” framework integrating 100+ tools—was observed in infrastructure used to target **Fortinet FortiGate** edge devices at scale; researchers linked activity to an IP (212.11.64.250) exposing a `CyberStrikeAI` banner and to scanning/communications patterns consistent with mass exploitation. Separately, a newly disclosed and rapidly patched **OpenClaw** vulnerability showed how AI agent tooling can be hijacked: researchers reported that a malicious website could take over a developer’s locally running agent due to inadequate trust-boundary validation, prompting urgent upgrades to **OpenClaw v2026.2.25+**. In parallel, a “vibe-coding” hosted app on the *Lovable* platform leaked data impacting **18,000+ users** after a researcher found **16 flaws (six critical)** tied to mis-implemented backend controls (including missing/incorrect row-level security in *Supabase*), enabling unauthorized access to records and actions like bulk email and account deletion. Criminal monetization also continues to evolve beyond AI-agent risks. **AuraStealer**, a Russian-language infostealer positioned as a successor/competitor after Lumma disruptions, was advertised on multiple underground forums and is supported by a sizable C2 footprint; analysis of 200+ samples identified **48 C2 domains**, with operators abusing low-cost TLDs (e.g., `.shop`, `.cfd`) and using **Cloudflare** as a reverse proxy to mask origin infrastructure. Broader reporting and commentary reinforced that identity and access failures remain a dominant breach driver and that AI adoption is expanding the attack surface via over-privileged agents and “shadow AI,” while ransomware operators increasingly target recovery paths (including backups) and dwell to corrupt restore points. Several items in the set were non-incident thought leadership or workforce content (skills gap, jobs listings, awards, and general AI security tips) and did not add event-specific technical details beyond high-level risk framing.
Mar 21, 2026
AI-Accelerated Intrusions and Malware Campaigns Reduce Time to Domain Compromise
Threat actors increasingly abused *legitimate AI tools* and automation to accelerate intrusions, with CrowdStrike reporting an **89% YoY increase in AI-enabled adversary activity** and an average eCrime breakout time dropping to **29 minutes** (fastest observed **27 seconds**). CrowdStrike also described attackers poisoning or hijacking local AI tooling via **malicious JavaScript embedded in npm packages** targeting tools such as *Claude* and *Gemini* to steal credentials and crypto assets, and highlighted a **CHATTY SPIDER** intrusion that began with voice phishing and remote access via **Microsoft Quick Assist**, followed by attempted exfiltration using **WinSCP** and a fallback to **Google Drive** when blocked. Separate reporting detailed additional active campaigns and exploitation trends consistent with faster initial access and persistence: **UAC-0050 (DaVinci Group / “Mercenary Akula”)** used spear-phishing with spoofed Ukrainian judicial themes and multi-layer archives (ZIP→RAR→passworded 7z) to deliver an `*.pdf.exe` dropper that installed **Remote Manipulator System (RMS)** for remote control and file transfer against a European financial institution. **UnsolicitedBooker** shifted targeting to telecoms in Kyrgyzstan and Tajikistan, using phishing documents that prompt “Enable Content” to run macros that drop loaders (e.g., **LuciLoad**, **MarsSnakeLoader**) and deploy **LuciDoor** and **MarsSnake** backdoors. Vulnerability intelligence for January 2026 also warned of **active exploitation** including **APT28** use of a Microsoft Office zero-day (**CVE-2026-21509**) via weaponized RTFs to deliver implants (e.g., **Covenant**), alongside multiple critical authentication-bypass and RCE issues affecting enterprise platforms—reinforcing that adversaries are combining rapid social engineering, supply-chain style delivery, and exploited vulnerabilities to compress dwell time and speed lateral movement.
Mar 21, 2026
CyberStrikeAI Accelerates Automated Attacks on Edge Devices
An AI-orchestrated offensive framework called **CyberStrikeAI** has moved from a public GitHub release to apparent operational use by threat actors, highlighting how artificial intelligence is speeding up established attack techniques rather than replacing them. The framework reportedly combines more than 100 tools for reconnaissance, exploitation, and reporting under an orchestration layer that automates multi-step intrusion chains, and researchers said they observed at least 21 unique IP addresses running related infrastructure in early 2026. One reported incident linked the tool to a successful attack against **Fortinet FortiGate** appliances, reinforcing concerns that internet-facing edge devices such as firewalls and VPN systems remain attractive targets because they are often under-patched and lightly monitored. Broader reporting indicates AI is amplifying multiple attack categories at once, including social engineering, vulnerability exploitation, authentication attacks, and side-channel techniques, while also creating a growing attack surface around AI systems themselves. Security researchers and industry observers warn that AI-enabled phishing, deepfakes, automated vulnerability discovery, prompt injection, data poisoning, jailbreaking, model manipulation, API abuse, and malicious models are making attacks faster and more scalable. The trend underscores the need for organizations to verify exploitability, accelerate remediation of exposed assets, and continuously test defenses as offensive operations become more autonomous.
Jun 8, 2026