A new AI tool – built to help companies find and fix their own security weaknesses – has been snatched up by cybercriminals, turned on its head, and used as a devastating hacking weapon exploiting zero-day vulnerabilities.

According to a report from cybersecurity firm Check Point, the framework – called Hexstrike-AI – is the turning point that security experts have been dreading, where the sheer power of AI is put directly into the hands of those who want to do harm.

A tool for good, twisted for bad

Hexstrike-AI was supposed to be one of the good guys. Its creators described it as a “revolutionary Al-powered offensive security framework” that was designed to help security professionals think like hackers to better protect their organisations.

Think of it as an AI “brain” that acts as a conductor for a digital orchestra. It directs over 150 different specialised AI agents and security tools to test a company’s defences, find weaknesses like zero-day vulnerabilities, and report back.

The problem? What makes a tool great for defenders also makes it incredibly attractive to attackers. Almost immediately after its release, chatter on the dark web lit up. Malicious actors weren’t just discussing the tool; they were actively figuring out how to weaponise it.

The race against zero-day vulnerabilities just got shorter

The timing for this AI hacking tool couldn’t have been worse. Just as Hexstrike-AI appeared, Citrix announced three major “zero-day” vulnerabilities in its popular NetScaler products. A zero-day is a flaw so new that there’s been zero days to create a patch for it, leaving companies completely exposed.

Normally, exploiting such complex flaws requires a team of highly skilled hackers and days, if not weeks, of work. With Hexstrike-AI, that process has been reduced to less than 10 minutes.

The AI brain does all the heavy lifting. An attacker can give it a simple command like “exploit NetScaler,” and the system automatically figures out the best tools to use and the precise steps to take. It democratises hacking by turning it into a simple, automated process.

As one cybercriminal boasted on an underground forum: “Watching how everything works without my participation is just a song. I’m no longer a coder-worker, but an operator.”

What these new AI hacking tools means for enterprise security

This isn’t just a problem for big corporations. The speed and scale of these new AI-powered attacks mean that the window for businesses to protect themselves from zero-day vulnerabilities is shrinking dramatically.

Check Point is urging organisations to take immediate action:

• Get patched: The first and most obvious step is to apply the fixes released by Citrix for the NetScaler vulnerabilities.

• Fight fire with fire: It’s time to adopt AI-driven defence systems that can detect and respond to threats at machine speed, because humans can no longer keep up.

• Speed up defences: The days of taking weeks to apply a security patch are over.

• Listen to the whispers: Monitoring dark web chatter is no longer optional; it’s a source of intelligence that can give you a much-needed head start on the next attack.

What once felt like a theoretical threat is now a very real and present danger. With AI now very much an actively weaponised hacking tool for exploiting zero-day vulnerabilities, the game has changed, and our approach to security has to change with it.

See also: AI security wars: Can Google Cloud defend against tomorrow’s threats?

Want to learn more about AI and big data from industry leaders? Check out AI & Big Data Expo taking place in Amsterdam, California, and London. The comprehensive event is part of TechEx and is co-located with other leading technology events, click here for more information.
AI News is powered by TechForge Media. Explore other upcoming enterprise technology events and webinars here.