
AI Now Empowers Every Stage of Cyberattacks, Blurring Human Roles
Cybersecurity firm Check Point released a report Monday highlighting how artificial intelligence (AI) is now involved in every stage of cyberattacks, from initial reconnaissance to data exfiltration. This marks a significant shift from just two years ago when hackers primarily used AI for tasks like translating technical material and troubleshooting malicious code.
The research indicates that AI systems are increasingly taking over more complex roles within these operations, such as generating commands, testing vulnerabilities, and moving through victim networks with minimal human oversight. In some cases, the technology has enabled cybercriminals to carry out thousands of actions autonomously, a capability previously thought to require extensive human direction.
"We watched criminal groups breach government agencies at scale, using AI as the primary operator rather than a background assistant," states the report. These findings suggest that hackers are now leveraging AI not just for specific tasks but as an integral part of their overall strategy.
Sergey Shykevich, Check Point's threat intelligence lead, noted in an interview that major commercial providers remain the preferred choice for these operations due to their quality and flexibility. However, Chinese-made models like DeepSeek, Qwen (developed by Alibaba), and Trae are gaining traction among cybercriminals because they offer fewer restrictions compared to Western counterparts.
The report also details instances where AI has been used to develop sophisticated tools quickly. For example, the Gentlemen ransomware group utilized AI to build an internal management platform in just three days. Similarly, VoidLink—a toolkit for remote control of infected computers—was developed by a single developer using a commercial AI coding tool within a week.
This rapid development capability poses significant challenges for cybersecurity professionals tasked with protecting critical infrastructure and government agencies. Shykevich emphasized that security flaws should ideally be patched within hours of discovery but acknowledged the impracticality of such timelines given current capabilities.
In response to these emerging threats, the Cybersecurity and Infrastructure Security Agency (CISA) recently updated its remediation timeline guidance, ranging from three days for high-risk vulnerabilities to 60 days for lower-priority issues. CISA’s directive aims to address the heightened threat landscape where AI can assist attackers in identifying and exploiting weaknesses more efficiently.
As AI technology continues to advance, so too does its application in cybercrime. OpenAI's latest model, GPT-5.6, demonstrates significant improvements in cybersecurity tasks, further underscoring the evolving nature of threats posed by AI-enhanced hacking operations.
Latest News





