This summer, hackers linked to Russian intelligence introduced a disturbing new tactic in their cyber operations against Ukraine: phishing emails embedded with an artificial intelligence program. The malicious attachment, if installed, would automatically comb through victims’ computers, extract sensitive files, and send them back to Moscow.
According to technical reports released in July by Ukraine’s cybersecurity agencies and independent firms, this is the first known instance of Russian state-backed hackers deploying large language models (LLMs) — the same underlying technology behind popular chatbots — to build malicious code.
AI Becomes the New Weapon in Cyber Offense
The Russian campaign is part of a broader trend: hackers of all stripes — state actors, cybercriminals, and even researchers — are increasingly integrating AI into their operations. While LLMs remain imperfect and prone to errors, their speed and ability to process and generate code have made skilled hackers faster and more efficient.
Scammers and social engineers have been using AI to draft more convincing phishing emails since at least 2024. Now, the technology is moving beyond text manipulation to direct exploitation of vulnerabilities. Security experts warn that the field is entering what they call “the beginning of the beginning” of AI-driven cyberwarfare.
Cyber Defenders Fight Back With AI
Cybersecurity professionals are not sitting idle. Google’s security team, led by Heather Adkins, has used its Gemini LLM to identify overlooked vulnerabilities in widely used software before criminals could exploit them. Since 2024, the project has flagged at least 20 critical bugs, which were subsequently patched by vendors.
CrowdStrike, a global cybersecurity firm, also reports using AI to assist clients during breaches while monitoring increasing evidence of adversaries — from China, Russia, Iran, and criminal syndicates — deploying AI-driven tools to enhance their attacks.
At the White House, senior cyber officials maintain that, for now, AI is tipping the balance in favor of defenders. “AI will be more advantageous for defenders than offense,” said a senior cyber director at the National Security Council, emphasizing how AI democratizes vulnerability detection, especially for smaller firms that lack elite security teams.
Startups and Cybercriminals Push Boundaries
New security startups, such as DreadNode and Xbow, are testing the frontier of AI hacking. Xbow, in particular, made headlines in June by becoming the first AI-powered system to top HackerOne’s U.S. leaderboard, surpassing human researchers in identifying exploitable flaws.
However, experts warn that if open-source, AI-enabled penetration tools emerge, it could unleash an unprecedented wave of attacks against small and mid-sized businesses — the weakest links in global cybersecurity.
The Looming Threat of Agentic AI
While today’s LLM-powered hacking still requires human intervention, the rise of agentic AI — systems capable of autonomously executing complex tasks such as coding, sending phishing emails, or exploiting flaws — presents a looming risk.
Without robust guardrails, these tools could become the next “insider threat,” executing malicious tasks on behalf of hackers without human oversight. CrowdStrike’s Adam Meyers cautions that such capabilities could mark a turning point: “The more advanced adversaries are using it to their advantage. We’re seeing more of it every single day.”
A Race Between Attackers and Defenders
For now, defenders appear to be winning, leveraging AI to uncover and patch vulnerabilities faster than attackers can exploit them. But as AI models become more powerful and accessible, the balance could shift dramatically.
The cybersecurity world is bracing for what comes next: whether AI remains a tool for strengthening defenses, or whether its uncontrolled spread turns it into a weapon that makes cybercrime easier, faster, and far more destructive.