GTIG AI Threat Tracker: Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access
ID: df431f94-515b-5e28-8663-62e0f531726b
STIX ID: report--df431f94-515b-5e28-8663-62e0f531726b
Feed Name: Threat Intelligence
The report details PROMPTSPY, an AI-augmented Android backdoor that can capture biometric gestures, block uninstallation via overlay-based touch interception, dynamically update C2 components (including LLM API keys and VNC relays), and be relaunched via Firebase Cloud Messaging. It also highlights GTIG's broader findings of adversaries leveraging LLMs and agentic frameworks for high-fidelity reconnaissance, automated vulnerability discovery, and AI-supported information operations across multiple nation-aligned actors.
