A new agentic AI-powered tool for red teams is already being abused by threat actors to rapidly accelerate and simplify vulnerability exploitation, Check Point has warned.
Hexstrike-AI is built around an abstraction and orchestration “brain.” This uses AI agents to run over 150 cybersecurity tools to perform tasks such as penetration testing, vulnerability discovery, bug bounty automation and security research, according to Check Point.
“The agents (150+ tools) perform specific actions; scanning, exploiting, deploying persistence, exfiltrating data,” it explained.
“The abstraction layer translates vague commands like ‘exploit NetScaler’ into precise, sequenced technical steps that align with the targeted environment.”
The security vendor has already observed threat actor chatter on the dark web discussing how to use Hexstrike-AI to exploit three new Citrix NetScaler zero-days disclosed last week.
“Exploiting these vulnerabilities is non-trivial. Attackers must understand memory operations, authentication bypasses, and the peculiarities of NetScaler’s architecture. Such work has historically required highly skilled operators and weeks of development,” Check Point claimed.
“With Hexstrike-AI, that barrier seems to have collapsed. Instead of painstaking manual development, AI can now automate reconnaissance, assist with exploit crafting, and facilitate payload delivery for these critical vulnerabilities.”
Read more on agentic AI: #BHUSA: Exploring the Top Cyber Threats Facing Agentic AI Systems
The result is that a task which could have taken days or weeks can now be accomplished in under 10 minutes. Agents can scan thousands of IPs simultaneously, with any failed attempts retried with variations until successful, Check Point warned.
“The window between disclosure and mass exploitation shrinks dramatically,” it added.
“CVE-2025-7775 is already being exploited in the wild, and with Hexstrike-AI, the volume of attacks will only increase in the coming days.”
Patch and Harden
Network defenders must patch and harden systems without delay to mitigate the threat posed by abuse of agentic AI tools like Hexstrike-AI, the report urged. Automated patch validation and deployment will help in this regard.
Beyond this, organizations should:
- Adopt adaptive detection that goes beyond static signatures and rules to learn from ongoing attacks and adapt dynamically
- Invest in AI-powered tools to correlate telemetry, detect anomalies and respond autonomously at machine speed
- Monitor dark web discussions for early warning signals about incoming threats and changing threat actor TTPs
- Engineer resilience into systems with segmentation, least privilege and robust recovery capabilities to mitigate the impact of successful exploitation
“The security community has been warning about the convergence of AI orchestration and offensive tooling, and Hexstrike-AI proves those warnings weren’t theoretical,” Check Point concluded.
“What seemed like an emerging possibility is now an operational reality, and attackers are wasting no time putting it to use.”
