325/68 Friday, September 5, 2025
Researchers from Check Point have revealed that HexStrike AI, a tool originally developed for red teaming and bug bounty purposes, is being misused by threat actors, turning it from a security testing utility into an automated attack engine. HexStrike AI can orchestrate more than 150 security utilities through AI agents, drastically simplifying complex exploitation processes and reducing the time required to execute them.
Shortly after its release, dark web discussions emerged about using HexStrike AI to exploit newly disclosed vulnerabilities in Citrix NetScaler ADC/Gateway announced on August 26, 2025: CVE-2025-7775 (RCE), CVE-2025-7776 (Memory Flaw), and CVE-2025-8424 (Access Control Weakness). Threat actors claimed that HexStrike AI reduced exploitation time from several days to under 10 minutes, with some even selling access to vulnerable instances on the dark web.
Check Point described this as a “critical turning point” in cybersecurity, as the use of dual-use AI significantly shortens the window between vulnerability disclosure and exploitation. Attacks that once required advanced skills and weeks of preparation can now be executed within minutes. This demonstrates that offensive AI has already become a real weapon, with HexStrike AI serving as concrete evidence of its impact in today’s threat landscape.
Source https://securityaffairs.com/181878/cyber-crime/crooks-turn-hexstrike-ai-into-a-weapon-for-fresh-vulnerabilities.html
