- Threat actors are using the new HexStrike AI tool to exploit recent security vulnerabilities.
- HexStrike AI can automate security testing and supports over 150 other tools.
- Cybercriminals claim to have used HexStrike AI to target Citrix security flaws.
- Experts warn that AI tools like HexStrike AI could accelerate and scale up cyberattacks.
- Researchers highlight risks in using AI-powered security agents in hostile environments.
A newly launched Artificial Intelligence tool, HexStrike AI, is being used by threat actors to take advantage of recently disclosed Cybersecurity weaknesses. According to recent reports, attackers are turning to HexStrike AI in an effort to carry out cyberattacks more efficiently and at faster speeds.
HexStrike AI, promoted as an AI-driven platform for automating security checks, integrates with more than 150 security tools to assist network scanning, web application testing, reverse engineering, and cloud security tasks. The tool provides access to AI agents focused on vulnerability detection and exploit development, as detailed on the official HexStrike AI website and its GitHub repository.
A report from Check Point states that cybercriminals have already attempted to use HexStrike AI to exploit vulnerabilities in Citrix products that were revealed last week. Information shared in darknet forums suggests that these actors are offering access to systems found to be vulnerable through this AI tool. “This marks a pivotal moment: a tool designed to strengthen defenses has been claimed to be rapidly repurposed into an engine for exploitation, crystallizing earlier concepts into a widely available platform driving real-world attacks,” the Check Point team explained in a company statement.
Researchers warn that this approach reduces the time between a security vulnerability’s public disclosure and when attackers begin to exploit it. The AI platform can also repeatedly try failed attacks until they succeed, increasing the potential damage. According to Check Point, “The immediate priority is clear: patch and harden affected systems. Hexstrike AI represents a broader paradigm shift, where AI orchestration will increasingly be used to weaponize vulnerabilities quickly and at scale.”
A separate study conducted by researchers from Alias Robotics and Oracle Corporation notes that AI-powered cybersecurity agents like PentestGPT could become an attack vector. Special risks like “prompt injection,” where attackers use hidden commands to manipulate these agents, may turn security tools into potential cyber weapons. The researchers wrote, “The hunter becomes the hunted, the security tool becomes an attack vector, and what started as a penetration test ends with the attacker gaining shell access to the tester’s infrastructure,” in a study available here.
Experts recommend implementing strong defensive measures and keeping systems updated to counter these evolving AI-driven cybersecurity threats.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Bitcoin, Ethereum, BNB Expected to Hit New Highs By Year-End
- Bitfinex Delists 10 Tokens with September 18 Withdrawal Deadline
- U.S. Climbs to No.2 in Crypto Adoption as ETFs Boost Demand.
- Saylor Dilutes Strategy Shareholders by $735M After Broken Promise
- Venus Protocol restores services after $27M exploit recovery
