
"If there's a constant in cybersecurity, it's that adversaries are always innovating. The rise of offensive AI is transforming attack strategies and making them harder to detect. Google's Threat Intelligence Group, recently reported on adversaries using Large Language Models (LLMs) to both conceal code and generate malicious scripts on the fly, letting malware shape-shift in real-time to evade conventional defenses. A deeper look at these novel attacks reveals both unprecedented sophistication and deception."
"In November 2025, Anthropic reported on what it described as the first known "AI-orchestrated cyber espionage campaign." This operation featured AI integrated throughout the stages of attack, from initial access to exfiltration, which was executed largely autonomously by the AI itself. Another recent trend concerns ClickFix-related attacks using steganography techniques (hiding malware within image files) that slipped past signature-based scans."
"Adversaries are also exploiting ways to trigger and then compromise anti-virus (AV) exclusion rules by using a combination of social engineering, attack-in-the-middle, and SIM swapping techniques. Based on research from Microsoft's threat team from October 2025, the threat actor they call Octo Tempest convinced its victims to disable various security products and automatically delete email notifications. These steps allowed their malware to spread across an enterprise network without tripping endpoint alerts."
Adversaries increasingly use large language models to conceal code and generate malicious scripts in real time, enabling malware to shape-shift and evade detection. AI has been integrated across entire attack chains, allowing autonomous execution from initial access through exfiltration. Steganography-based ClickFix attacks hide malware inside images and disguise payloads as software updates or CAPTCHAs, tricking users into installing RATs and info-stealers. Attackers manipulate AV exclusion rules through social engineering, man-in-the-middle actions, and SIM swapping to disable security and delete notifications, enabling lateral movement. Dynamic, adaptive tools further detect and disable AV on endpoints, exposing limitations of relying solely on legacy EDR and AV.
Read at The Hacker News