Researchers determined that AI was used in steps across entire cyber operations to identify security flaws, generate commands and carry out parts of intrusions, sometimes with little human oversight. Both U.S. and Chinese AI models have been involved.
Just two years ago, hackers were tapping into generative artificial intelligence to probe targets, translate technical material and troubleshoot malicious code. The technology sped up some key parts of a cyber operation, but other stages remained solely in human hands.
That line is now beginning to blur. In a range of cyberattacks observed over the past year, AI systems generated commands, tested vulnerabilities and helped hackers move through victim networks, sometimes carrying out thousands of commands with less human direction than researchers had previously seen, according to research released Monday night by cybersecurity firm Check Point.
It means AI has now been used in some form at every stage of a cyberattack, from identifying targets to exploiting vulnerabilities to stealing data, to help hackers achieve their goals.
The shift does not yet amount to fully autonomous hacking, a top company executive told Nextgov/FCW, but it shows that AI is moving from an occasional aid to an extra set of hands throughout the entirety of an intrusion process. The findings also highlight how rapidly the global cyber ecosystem has adopted AI, with the technology now embedded across every part of an offensive operation rather than confined to isolated tasks.
“We watched criminal groups breach government agencies at scale, using AI as the primary operator rather than a background assistant,” the Check Point report says. In most cases, the AI model’s role was revealed by the attacker’s own mistakes or monitoring by the AI provider, rather than tools or safeguards deployed by the victim organization.
For these AI-enabled pursuits, hackers have used open-source models and purpose-built malicious AI tools sold on the dark web, but major commercial providers remain their primary choice, company threat intelligence lead Sergey Shykevich said in an interview.
The research points to the Gentlemen ransomware group as one instance of how AI is being folded into routine criminal operations. Members compared mainstream commercial models based largely on which imposed the fewest restrictions and used AI to help build internal tools, including a management platform developed in three days.
The findings also highlight VoidLink — a sophisticated toolkit for remotely controlling infected computers — that researchers initially believed had taken a team several months to build. Check Point later found that a single developer produced roughly 88,000 lines of working code in under a week using a commercial AI coding tool.
Hackers tend to first choose U.S. AI models like ChatGPT or Claude because their responses are generally considered higher-quality, but they have a tougher time exploiting those families of models because of stronger guardrails designed to prevent malicious use of the tools, Shykevich said. When those attempts fail, they then pivot to Chinese-made AI platforms that have lower guardrails.
“They are trying to jailbreak those [Western] models, but when they are not successful, they just go to DeepSeek, Qwen and Trae,” he said, referring to a trio of AI models and platforms originating in China. Qwen is a suite of AI and large language models developed by Alibaba, while Trae is an AI-backed code editor and programming platform built by ByteDance. Ransomware gangs have been heavily leaning on those Chinese models to help generate code for their exploits, he noted.
Chinese AI models have recently grown more capable and widely used for coding tasks. Beijing has discussed restricting overseas access to some advanced models, underscoring their growing national security value and their appeal to cybercriminals seeking tools to help with their exploits.
When asked how these new dynamics involve targeting U.S. government and critical infrastructure organizations, Shykevich said there are certainly higher and faster levels of exploitation attempts, though he assessed that’s due to a combination of AI-enabled speed and geopolitical tensions.
He said that, in an ideal world, security flaws should now be patched within several hours of discovery, though he immediately acknowledged that would be next to impossible. The Cybersecurity and Infrastructure Security Agency recently revamped its remediation timeline guidance, ranging from three days for the highest-risk flaws to 60 days for lower-priority issues.
The move is part of CISA’s response “to the current threat landscape where AI software services can assist threat actors to find and exploit vulnerabilities,” the agency said last month.
The findings come as the latest tranche of frontier AI models is showing sharp gains in their ability to perform cybersecurity tasks. OpenAI last week released GPT-5.6, which it called its strongest cybersecurity model yet, reporting substantial gains over its predecessor on benchmarks testing exploit development and proof-of-concept generation.
The Trump administration, meanwhile, has given the National Security Agency, CISA and other federal officials until Aug. 1 to develop a classified process for benchmarking the advanced cyber capabilities of frontier AI models and determining which systems need additional government scrutiny.
“The most significant shift this report documents is not a new technique. It is pace,” the Check Point report says. “A vulnerability now becomes a working exploit within hours of disclosure. Phishing campaigns run at a quality and volume no human team could match. Intrusions span dozens of targets simultaneously, with AI handling the operational work between check-ins. Security teams working at human speed cannot match that cadence.”
