Cyber threat actors use AI to accelerate extortion and exploitation
Trend
Summary
Hide ▲
Show ▼
Cyber threat actors are shifting to routine operational use of AI, making extortion, reconnaissance, phishing, and exploit timing faster and lower-friction across the criminal ecosystem. The trend matters because attackers can begin scanning for newly announced CVEs within 15 minutes and, in some cases, cut network infiltration and data-exfiltration timelines from three to four weeks to under 25 minutes. AI is also helping low-skilled operators sound more professional, which lowers the barrier to entry for cybercrime and compresses defender response windows.
Related Happenings
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical Analysis
H score3
First: 08.07.2026 18:07
Last: 08.07.2026 18:07
Sources 1
About this happening:
Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
HalluSquatting indirect prompt-injection attack on AI coding assistants
Technical AnalysisAbout this happening: Researchers demonstrated **HalluSquatting**, an indirect prompt-injection technique that can push **AI coding assistants** to fetch attacker-controlled resources and execute code....
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical Analysis
H score22
First: 06.07.2026 09:33
Last: 06.07.2026 09:33
Sources 1
About this happening:
**SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...
SKILLCLOAK and SKILLDETONATE expose AI coding-agent skill scanner evasion with runtime-packed malware
Technical AnalysisAbout this happening: **SKILLCLOAK** shows that malicious **AI coding-agent skills** can be rewritten to evade static scanners while still executing, exposing **credentials**, **source code**, and term...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/Service
H score20
First: 28.05.2026 12:55
Last: 28.05.2026 12:55
Sources 1
About this happening:
Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Google AI Threat Defense launch adds autonomous AI-attack detection and remediation for enterprises
Security Tool/ServiceAbout this happening: Google Cloud launched **Google AI Threat Defense**, an **always-on autonomous** security platform aimed at stopping **AI-powered cyberattacks** across enterprise environments. The...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical Analysis
H score33
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
**Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Google GTIG analysis of adversary AI use for exploit development and attack orchestration
Technical AnalysisAbout this happening: **Google Threat Intelligence Group** published findings showing **adversaries using AI** for **exploit development** and **attack orchestration**, signaling that model-assisted tr...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
Campaign
H score30
First: 11.05.2026 16:00
Last: 11.05.2026 16:00
Sources 1
About this happening:
An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Prominent cybercrime threat actors AI-assisted zero-day exploitation campaign
CampaignAbout this happening: An **AI-assisted zero-day exploitation campaign** was planned by **prominent cybercrime threat actors**, but the effort was **disrupted before deployment** and did not reach its i...
Timeline
-
17.02.2026 15:45 2 articles · 4mo ago
Unit 42 report on AI-assisted extortion and cybercrime acceleration
Initial DisclosureUnit 42 described low-skilled cybercriminals using LLM-powered AI assistants to automate extortion scripts and pressure tactics, a method the researchers dubbed "vibe extortion". The report said threat actors had moved in 2025 from experimentation to routine operational use, including scanning newly announced CVEs within 15 minutes, parallelizing reconnaissance and initial access attempts, and abusing enterprise AI platforms such as Google Vertex AI, while recommending automated patching, AI-driven response, behavioral email security, and out-of-band verification for sensitive requests.
Show sources
- Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks — www.infosecurity-magazine.com — 17.02.2026 15:45
- Low-Skilled Cybercriminals Use AI to Perform "Vibe Extortion" Attacks — www.infosecurity-magazine.com — 17.02.2026 15:45