AI exploitation operations have evolved from experimental activity into large-scale adversarial workflows, according to a new report from Google Threat Intelligence Group. The report outlined how threat actors are integrating generative AI into vulnerability research, exploit creation, malware engineering, reconnaissance, and information operations. Google said the findings were based on Mandiant incident response engagements, Gemini-related observations, and proactive threat research.
π Key Highlights
- GTIG identified AI-assisted zero-day exploit development activity
- PROMPTSPY malware used LLMs for Android attack automation
- Threat actors automated large-scale LLM account provisioning workflows
- PRC and DPRK-linked actors researched AI-driven vulnerability discovery
- AI supply chain attacks targeted development platforms and integrations
Researchers identified a cybercrime operation involving a zero-day exploit that GTIG believes was developed with assistance from an AI model. The exploit targeted a popular open-source web administration platform and enabled a two-factor authentication bypass when valid credentials were already available. Google worked with the affected vendor to disclose the vulnerability and disrupt the planned mass exploitation activity before deployment.
The report described increasing interest from threat actors linked to the Peopleβs Republic of China and the Democratic Peopleβs Republic of Korea in AI-assisted vulnerability discovery. GTIG observed actors using persona-based prompting techniques, vulnerability datasets, and agentic tools to improve exploit research workflows. In one case, APT45 reportedly submitted thousands of prompts to analyze CVEs and validate proof-of-concept exploits at scale.
Google also documented how malware developers are embedding AI capabilities directly into attack infrastructure. PROMPTSPY, an Android backdoor examined by GTIG, used an LLM-driven automation component to interpret device interfaces, generate commands, and simulate user gestures. The malware also included mechanisms designed to block uninstallation attempts, relaunch compromised sessions, and dynamically rotate command-and-control infrastructure during operations.
Beyond malware development, GTIG said threat actors increasingly rely on AI systems for reconnaissance, operational planning, and scalable abuse of commercial LLM services. The report detailed the use of proxy relays, automated account registration pipelines, and account pooling systems intended to maintain anonymized access to premium AI models. Google also highlighted supply chain attacks targeting AI ecosystems, including malicious packages distributed through development platforms and compromised repositories tied to credential theft and ransomware-related activity.
π What This Means (Our Analysis)
The report shows how AI is shifting from a supporting research tool into an operational component embedded directly within cyberattack infrastructure. Threat actors are no longer using generative models only for experimentation or productivity gains. The technology is now influencing exploit discovery, malware execution, reconnaissance, and autonomous decision-making inside active attack chains.
What makes this development notable is the scale and automation described throughout the report. AI systems are helping attackers compress timelines, automate repetitive work, and manage increasingly complex operations with less manual effort. The findings also suggest the competitive advantage in cyber operations may increasingly depend on how effectively organizations defend AI-enabled environments while adapting to faster-moving and more adaptive threats.
π Our Take: The next phase of cybersecurity will likely be defined by how quickly defenders respond to AI-driven operational scale.