{"id":2698,"date":"2025-09-06T19:55:13","date_gmt":"2025-09-06T19:55:13","guid":{"rendered":"https:\/\/ft365.org\/index.php\/2025\/09\/06\/threat-actors-abuse-hexstrike-ai-tool-to-accelerate-exploitation\/"},"modified":"2025-09-06T19:55:13","modified_gmt":"2025-09-06T19:55:13","slug":"threat-actors-abuse-hexstrike-ai-tool-to-accelerate-exploitation","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2025\/09\/06\/threat-actors-abuse-hexstrike-ai-tool-to-accelerate-exploitation\/","title":{"rendered":"Threat Actors Abuse Hexstrike-AI Tool to Accelerate Exploitation"},"content":{"rendered":"
\n

\"Photo<\/p>\n<\/div>\n

\n

A new agentic AI-powered tool for red teams is already being abused by threat actors to rapidly accelerate and simplify vulnerability exploitation, Check Point has warned.<\/p>\n

Hexstrike-AI is built around an abstraction and orchestration \u201cbrain.\u201d This uses AI agents to run over 150 cybersecurity tools to perform tasks such as penetration testing, vulnerability discovery, bug bounty automation\u00a0and security research, according to Check Point.<\/p>\n

\u201cThe agents (150+ tools) perform specific actions; scanning, exploiting, deploying persistence, exfiltrating data,\u201d it explained.<\/p>\n

\u201cThe abstraction layer translates vague commands like \u2018exploit NetScaler\u2019 into precise, sequenced technical steps that align with the targeted environment.\u201d<\/p>\n

The security vendor has already observed threat actor chatter on the dark web discussing how to use Hexstrike-AI to exploit\u00a0three new Citrix NetScaler zero-days disclosed last week.<\/p>\n

\u201cExploiting these vulnerabilities is non-trivial. Attackers must understand memory operations, authentication bypasses, and the peculiarities of NetScaler\u2019s architecture. Such work has historically required highly skilled operators and weeks of development,\u201d Check Point claimed.<\/p>\n

\u201cWith Hexstrike-AI, that barrier seems to have collapsed. Instead of painstaking manual development, AI can now automate reconnaissance, assist with exploit crafting, and facilitate payload delivery for these critical vulnerabilities.\u201d<\/p>\n

Read more on agentic AI: #BHUSA: Exploring the Top Cyber Threats Facing Agentic AI Systems<\/em><\/p>\n

The result is that a task which could have taken days or weeks can now be accomplished in under 10 minutes. Agents can scan thousands of IPs simultaneously, with any failed attempts retried with variations until successful, Check Point warned.<\/p>\n

\u201cThe window between disclosure and mass exploitation shrinks dramatically,\u201d it added.<\/p>\n

\u201cCVE-2025-7775 is already being exploited in the wild, and with Hexstrike-AI, the volume of attacks will only increase in the coming days.\u201d<\/p>\n

Patch and Harden<\/h2>\n

Network defenders must patch and harden systems without delay to mitigate the threat posed by abuse of agentic AI tools like Hexstrike-AI, the report urged. Automated patch validation and deployment will help in this regard.<\/p>\n

Beyond this, organizations should:<\/p>\n