Hackers Use AI for Exploit Development, Attack Automation

Google Threat Intelligence Group (GTIG) research shows adversaries increasingly use AI and agentic tools to scale cyber operations — from crafting phishing and coding malware to conducting vulnerability research and exploit development. GTIG highlights a suspected AI-assisted zero-day Python exploit that bypasses 2FA, the PromptSpy Android backdoor that leverages LLMs for UI navigation and biometric capture, and examples of China- and North Korea-linked actors (e.g., UNC2814, Silent Chollima) using models and agent frameworks (Hextrike, Strix, OpenClaw) for autonomous reconnaissance, verification, and attack orchestration.