LIVE FEED
AI Agents Generate Custom Malware in Mexico, Brazil

AI Agents Generate Custom Malware in Mexico, Brazil

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.5 Dark Reading

Two threat campaigns targeting organisations in Mexico and Brazil have leveraged AI agents to dynamically generate customised hacking tools, marking a notable escalation in automated, AI-assisted cyberattacks. The use of AI agents for on-the-fly tool generation lowers the technical barrier for attackers and accelerates the attack cycle. This represents a concrete, in-the-wild demonstration of agentic AI being exploited as an offensive capability.

AI-Powered Exploit Development by Threat Actors

AI-Powered Exploit Development by Threat Actors

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

Threat actors are now actively deploying large language models to accelerate exploit development and automate complex cyberattack workflows, marking a significant evolution in adversarial tooling. This shift lowers the technical barrier for sophisticated attack execution, enabling less-skilled actors to produce functional exploits at scale. The trend signals a structural change in the offensive threat landscape, with AI acting as a force multiplier for adversaries.

PromptSpy Zero-Day: AI-Generated Malware for Mass Exploitation

PromptSpy Zero-Day: AI-Generated Malware for Mass Exploitation

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 Mandiant Blog

Google's Threat Intelligence Group (GTIG) has identified, for the first time, a criminal threat actor using a zero-day exploit believed to have been AI-generated, intended for mass exploitation before proactive counter-discovery intervened. The report also documents AI-augmented malware development, autonomous attack orchestration via AI-enabled malware (PROMPTSPY), and obfuscated LLM access pipelines used by adversaries to bypass usage controls. Nation-state actors from China and North Korea are actively pursuing AI-assisted vulnerability discovery, marking a significant escalation in adversarial AI capability.

Model Extraction Attacks Surge: Google GTIG Q4 Report

Model Extraction Attacks Surge: Google GTIG Q4 Report

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 Mandiant Blog

Google Threat Intelligence Group's Q4 2025 AI Threat Tracker documents a meaningful escalation in adversarial AI misuse, including a surge in model extraction (distillation) attacks, nation-state operationalisation of LLMs for phishing and reconnaissance, and the emergence of AI-integrated malware families such as HONESTCUE that leverage Gemini's API. While no breakthrough capabilities have been observed from APT actors, the integration of agentic AI for tooling development signals a maturing threat landscape. Defenders should prioritise monitoring for model extraction activity, API abuse, and AI-augmented social engineering campaigns.

0x4F0x3A0xFF0x0D0x7B0xC20xA10x550x0D0x7B0xC20xA10x550xE80x120x9F0xA10x550xE80x120x9F0xD40x2E0x880x120x9F0xD40x2E0x880x610xB30x4F0x2E0x880x610xB30x4F0x3A0xFF0x0D0xB30x4F0x3A0xFF0x0D0x7B0xC20xA10xFF0x0D0x7B0xC20xA10x550xE80x12RESEARCHSchneier on SecurityMEDIUMLLM Jailbreak Adoption Surges Across 160+Cybercrime Forums

LLM Jailbreak Adoption Surges Across 160+ Cybercrime Forums

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.2 Schneier on Security

A new academic paper analysed over 160 cybercrime forum conversations to understand how threat actors are discussing and adopting AI tools for criminal purposes. The research documents both misuse of legitimate AI platforms and attempts to build bespoke criminal AI models, revealing early-stage diffusion of AI capabilities within cybercriminal communities. The findings carry practical implications for law enforcement and security practitioners monitoring the evolving AI-enabled threat landscape.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.