Threat actors are increasingly using AI tools to speed exploit development and drive attack orchestration, a trend underscored by new research from Google into AI-enabled cyber operations. According to Google, adversaries have leveraged large language models for activities ranging from phishing and malware coding to vulnerability research and exploit development.
The report notes examples such as a zero-day exploit that Google's Threat Intelligence Group (GTIG) believes was developed with AI, including a Python script that bypasses two-factor authentication on a popular open‑source system administration tool. It also mentions Chinese and North Korean actors, including UNC2814 and Silent Chollima (APT45), showing interest in using LLMs for vulnerability research and automated attack capabilities.
Beyond exploitation, threat actors are experimenting with agentic tools like OpenClaw and OneClaw to assist vulnerability research, and with autonomous workflows that execute multi-stage tasks, with cases of AI-driven orchestration and automated verification across an attack surface.