offensive ai

Sysdig caught a threat actor using a misconfigured Ollama instance as the reasoning engine for an automated offensive pentesting framework — a significant escalation from credential theft to weaponised AI infrastructure.

Sophos researchers uncovered an operational threat actor lab using Claude Opus 4.5, Cursor, and MCP to build and test EDR evasion malware against live Sophos, CrowdStrike, and Microsoft Defender installations.

Google's Threat Intelligence Group has confirmed the first known case of a nation-state actor using AI to generate a working zero-day exploit used in an active campaign. APT45 — a North Korean state-sponsored group — automated the discovery and validation of a 2FA bypass using thousands of recursive prompts. The exploit code contained forensic markers of AI generation.