AI Across the Attack Chain From Recon to Execution

Artificial intelligence has moved from a supporting tool to an active component in cyber operations. Earlier use cases were limited to analysis and content generation. Today, AI is involved across the attack chain, from reconnaissance to execution. This shift has also reduced the level of expertise required for complex operations, making advanced capabilities accessible to a broader range of threat actors.

The transition became evident in November 2025, when Anthropic disclosed that a Chinese state-sponsored group, GTG-1002, used Claude Code to conduct cyber espionage. In this campaign, AI performed 80 to 90 percent of tactical tasks.

Reconnaissance becomes autonomous and adaptive

This transformation for AI-powered hacking begins at the reconnaissance phase. Traditionally, reconnaissance required manual effort and extended timeframes. With AI, it has become continuous and adaptive. Attackers can deploy AI-powered OSINT tools that scan multiple sources at once, including Telegram, Discord, Dark Web forums, paste sites, and code repositories. These systems can collect and correlate data easily, allowing attackers to prioritize targets with minimal effort.

Natural language processing plays a key role in this process. It enables the identification of leaked credentials within large and noisy datasets. At the same time, it supports vulnerability tracking and target profiling by combining data from LinkedIn, corporate disclosures, social media, and breach records.

The impact of this shift is measurable. In one 2024 campaign, attackers analyzed 47 employee profiles from a healthcare organization. They identified individuals with recent cybersecurity certifications and sent tailored phishing emails related to certificate verification. The campaign achieved a 38% click rate. In another case, attackers targeted 800 accounting firms with AI-generated tax reminders that referenced each firm’s registration details, resulting in a 27% click rate.

AI has also improved search techniques. Instead of relying on static keywords, attackers now use semantic dorking. Queries adapt based on industry, technology stack, and known exposure patterns across platforms such as Google, GitHub, Pastebin, Shodan, and Censys. Research combining OSINT with machine learning reported 93.3% accuracy in vulnerability detection and reduced manual triage by 58%. These capabilities are increasingly integrated into tools such as Maltego, SpiderFoot, and Shodan.

Given these advantages, nation-state actors have adopted AI early. A joint report by Microsoft and OpenAI in February 2024 documented multiple use cases. Russian APT28 used LLMs for satellite communication research. Chinese groups applied them to company and vulnerability analysis. North Korean actors used them to profile think tanks and defense experts. This indicates that AI is already embedded in state-level reconnaissance workflows.

Weaponization: from dark LLMs to AI-native malware

As reconnaissance becomes automated, the next phase is weaponization. Here, AI has introduced both new tools and new methods.

The dark LLM ecosystem

The underground market for AI-driven tools began with WormGPT in June 2023. It was a jailbroken model sold on Dark Web forums and Telegram. Although it was shut down after public exposure, new variants quickly appeared. These newer versions were built on models such as Grok and Mixtral and distributed through Telegram bots at lower costs.

Other tools followed. FraudGPT promised phishing and malware capabilities but was largely fraudulent. GhostGPT, introduced in late 2024, proved more functional. Testing showed it could generate realistic phishing templates within seconds.

Many dark LLM offerings are unreliable. Some are simple wrappers around mainstream models, and they lose functionality when jailbreak methods are patched. As a result, attackers increasingly turn to open-source models such as DeepSeek and Qwen, which have fewer restrictions and can be modified more easily.

AI-generated malware enters the wild

Alongside these tools, malware development has evolved. Early demonstrations, such as BlackMamba showed how AI could generate polymorphic code at runtime. The malware retrieved code from an API, executed it in memory, and avoided detection by producing unique outputs for each run.

By 2024, this concept moved into active campaigns. HP identified AI-generated malware targeting French-speaking users, with indicators such as structured code and detailed comments. By 2026, “vibe-hacking” campaigns emerged, where attackers used AI to generate complete infection chains with minimal effort.

More advanced examples followed. Google identified multiple malware families that actively query LLMs during execution. These include tools that generate commands dynamically, rewrite their own code, or use embedded prompts to bypass analysis.

These developments show that AI is no longer limited to supporting malware creation. It is now integrated into execution, enabling adaptive behavior and real-time evasion.

Jailbreaking guardrails at scale

Despite safety measures, LLMs remain vulnerable to manipulation. Multiple studies show high success rates in bypassing safeguards. Frameworks such as JBFuzz and FuzzyAI achieve near-complete success in generating restricted outputs. Research also shows that small parameter changes can significantly increase unsafe responses.

This limitation is structural. System prompts and user inputs share the same format, making it difficult to enforce strict boundaries. As a result, guardrails act as a delay rather than a barrier. This allows attackers to reliably extract malicious capabilities from general-purpose models.

Delivery at machine speed and superhuman persuasion

With weaponization established, AI significantly improves the delivery phase. It enhances both scale and effectiveness.

The Arup deepfake case

The Arup incident in January 2024 illustrates generative AI threats. A finance employee received a request from what appeared to be the company’s CFO. During a follow-up video call, all participants except the victim were AI-generated deepfakes. The employee completed multiple transfers totaling $25.6 million. No malware was involved, and no systems were breached. The attack relied entirely on deception.

Similar incidents followed. Attackers used voice cloning to impersonate executives, conducted deepfake meetings, and deployed synthetic audio messages. Research shows that only a few seconds of audio are sufficient to create a convincing voice clone. The cost of producing such content has dropped significantly.

AI-powered phishing at scale

At the same time, phishing has become more efficient. IBM X-Force showed that AI can generate phishing emails in minutes, compared to hours for human operators. While effectiveness remains comparable, the speed advantage is substantial.

Attack volume has increased accordingly. Reports indicate sharp growth in AI-related phishing activity, with many phishing emails now containing AI-generated content, and financial losses linked to these attacks continue to rise.

However, AI is not always used to generate full campaigns. In many cases, it enhances existing methods by improving language, personalization, and adaptation. Attackers can now produce thousands of tailored messages at low cost. When blocked, campaigns can be quickly modified and relaunched within hours.

Exploitation: AI finds what fuzzers cannot

After delivery, AI also transforms exploitation. It improves both vulnerability discovery and exploitation processes.

AI-driven vulnerability discovery

Google’s Big Sleep demonstrates this capability. It replicates the workflow of a human researcher by analyzing code, forming hypotheses, and testing them. It has identified vulnerabilities that traditional fuzzing methods missed.

AI-enhanced fuzzing tools have also uncovered long-standing issues in widely used software. Other tools, such as Vulnhuntr, can identify zero-day vulnerabilities at very low cost.

Autonomous exploitation

Research shows that LLMs can exploit known vulnerabilities with high success rates. More advanced frameworks can also target zero-day vulnerabilities. These systems reduce both cost and time compared to human efforts.

Competitions such as DARPA’s AI Cyber Challenge further highlight these capabilities. AI systems have demonstrated strong performance in identifying and patching vulnerabilities at scale. Commercial tools such as XBOW extend this model by deploying multiple AI agents to perform parallel testing.

Command and control hides in plain sight

In the final phase, AI also affects command and control. Attackers increasingly use legitimate AI services as communication channels.

The SesameOp backdoor used the OpenAI Assistants API for C2 operations. Commands were embedded in standard API interactions, making detection difficult. Similarly, researchers demonstrated that tools such as Copilot and Grok can be used to relay commands without requiring attacker infrastructure.

In some cases, the AI itself acts as the controller. Malware can send context to an LLM and receive instructions in return. This removes the need for traditional command servers and reduces traceability.

Conclusion

AI is reshaping the entire attack chain. It reduces costs, increases speed, and enables new forms of automation. Offensive capabilities are becoming more accessible through underground markets, while advanced techniques are integrated into everyday operations.

At the same time, AI is no longer limited to support roles. It is now an active component in attacks, from reconnaissance to execution. This shift requires a corresponding change in defense strategies. Traditional approaches are not sufficient against machine-speed threats. Organizations must adapt to a landscape where automation defines both offense and defense.