Posts
On darknet forums, hackers began to actively discuss the new AI framework HexStrike AI, w…
September 8, 2025 at 8:01 PM•Max Knyazev is typing…Telegram mirror
On darknet forums, hackers began to actively discuss a new AI framework
HexStrike AI
, which was originally intended as a legitimate tool for the red team, but is already being used to exploit fresh vulnerabilities in Citrix (
CVE-2025-7775
,
CVE-2025-7776
,
CVE-2025-8424
)
😏
HexStrike AI just appeared on GitHub a month ago and has already collected 2,400 stars. Its author, researcher Muhammad Osama, positions the project as an “AI orchestrator” for pentests - the system can integrate more than 150 tools, work through external LLMs and launch attacks in a completely autonomous mode. The idea is to allow security teams to quickly check the stability of the infrastructure. But, as usually happens, the attackers also decided not to pass by this
By data ShadowServer, just a week ago there were about 28 thousand vulnerable Citrix endpoints, but now there are less than 8 thousand. But it was with the help of HexStrike AI that the attackers discussed automating search and exploitation, and then selling compromised NetScaler. All this happened literally 12 hours after the vulnerabilities were disclosed
😳
And this is where it gets really alarming. If previously the window between the publication of a bug and its mass exploitation was measured in days, now, with AI frameworks like HexStrike AI, it shrinks to a couple of hours. Attacks that required the efforts of skilled professionals become routine tasks for the neural network, which simply tries again and again until it breaks through the defense.
The author of the framework, of course, emphasizes that his goal is to help security guards, and not vice versa. But the fact remains: the open source tool is already being actively studied on the darknet and, naturally, will be used by attackers, including
🧠
If you think about it, this is logical. Any tool can be used for different purposes. Therefore, it is not surprising that there are people who use a hammer not to hammer nails, but to inflict grievous bodily harm... everything is the same here. Moreover, I already did something on my channel review of the neural network , which is still actively used by hackers and various kinds of scriptkiddies
The conclusion here is extremely simple. We now truly live in an era where AI agents are becoming an integral part of almost everything ( and whether there will be more ). And if attackers learn to work with such tools faster than security guards and law enforcement officers, we have problems. As always, we try to believe in the best
🥂
#information_security
Open original post on TelegramHexStrike AI just appeared on GitHub a month ago and has already collected 2,400 stars. Its author, researcher Muhammad Osama, positions the project as an “AI orchestrator” for pentests - the system can integrate more than 150 tools, work through external LLMs and launch attacks in a completely autonomous mode. The idea is to allow security teams to quickly check the stability of the infrastructure. But, as usually happens, the attackers also decided not to pass by this
By data ShadowServer, just a week ago there were about 28 thousand vulnerable Citrix endpoints, but now there are less than 8 thousand. But it was with the help of HexStrike AI that the attackers discussed automating search and exploitation, and then selling compromised NetScaler. All this happened literally 12 hours after the vulnerabilities were disclosed
And this is where it gets really alarming. If previously the window between the publication of a bug and its mass exploitation was measured in days, now, with AI frameworks like HexStrike AI, it shrinks to a couple of hours. Attacks that required the efforts of skilled professionals become routine tasks for the neural network, which simply tries again and again until it breaks through the defense.
The author of the framework, of course, emphasizes that his goal is to help security guards, and not vice versa. But the fact remains: the open source tool is already being actively studied on the darknet and, naturally, will be used by attackers, including
If you think about it, this is logical. Any tool can be used for different purposes. Therefore, it is not surprising that there are people who use a hammer not to hammer nails, but to inflict grievous bodily harm... everything is the same here. Moreover, I already did something on my channel review of the neural network , which is still actively used by hackers and various kinds of scriptkiddies
The conclusion here is extremely simple. We now truly live in an era where AI agents are becoming an integral part of almost everything ( and whether there will be more ). And if attackers learn to work with such tools faster than security guards and law enforcement officers, we have problems. As always, we try to believe in the best
#information_security
Discussion
Comments
Comments are available only to confirmed email subscribers. No separate registration or password is required: a magic link opens a comment session.
Join the discussion
Enter the same email that you already used for your site subscription. We will send you a magic link to open comments on this device.
There are no approved comments here yet.