GenAI: A Double-Edged Sword in Cybersecurity

At the forefront of cybersecurity discussions during Black Hat USA 2025 in Las Vegas, CrowdStrike revealed alarming trends in how generative artificial intelligence (GenAI) is being weaponized by cyber adversaries. Both criminal organizations and hostile nation-states are aggressively leveraging AI technologies to amplify the scale and sophistication of their cyberattacks. Notably, these threat actors are now focusing on AI agents themselves as novel targets, aiming to subvert autonomous systems that businesses increasingly rely upon.

Transforming Attack Strategies with AI

Adam Meyers, CrowdStrike’s head of counter-adversary operations, emphasized that the AI revolution has fundamentally altered both corporate operations and the tactics employed by attackers. “Generative AI enables threat actors to exponentially increase social engineering campaigns, accelerate attack timelines, and reduce the need for direct manual intervention,” Meyers explained. This shift lowers the barrier for executing complex intrusions, making cyberattacks more accessible and frequent.

Targeting Autonomous AI Agents: The New Cyber Battleground

As organizations deploy AI agents that function autonomously and operate at superhuman speeds, these entities have become prime targets for cybercriminals. Meyers likened AI agents to privileged identities within cloud environments, highlighting their critical role and the risks they pose if compromised. Attackers are now focusing on infiltrating these AI-driven systems, much like they do with SaaS platforms and privileged cloud accounts, signaling a new front in cybersecurity defense.

Insights from CrowdStrike’s 2025 Threat Hunting Report

The recently published report underscores that autonomous systems and machine identities have emerged as integral components of the modern enterprise attack surface. CrowdStrike’s analysts, who monitor over 265 threat groups, uncovered several notable examples of GenAI misuse:

• North Korea’s Famous Chollima: This group has automated its insider threat campaigns using GenAI, from fabricating resumes to conducting deepfake interviews and executing technical tasks under false pretenses.
• Russia’s Ember Bear: Leveraging GenAI to amplify pro-Russian disinformation efforts across digital platforms.
• Chinese Threat Actors Genesis Panda and Murky Panda: Exploiting cloud misconfigurations and trusted access pathways to evade detection, contributing to a 136% surge in cloud-related intrusions, with Chinese groups responsible for approximately 40% of these breaches.
• Iran’s Charming Kitten: Utilizing large language models (LLMs) to craft highly convincing phishing emails targeting organizations in the US and Europe.

Agentic AI: A Vulnerable Frontier

Agentic AI-autonomous AI systems capable of independent decision-making-has emerged as a fresh attack surface. CrowdStrike’s findings reveal that adversaries have exploited vulnerabilities in the platforms used to develop these AI agents, gaining unauthorized access, stealing credentials, and deploying malware and ransomware. This evolution transforms non-human identities and automated workflows into lucrative targets for cyber exploitation.

Criminal Groups Harnessing AI for Malicious Purposes

Beyond nation-state actors, cybercriminals are increasingly adopting AI to automate complex tasks such as coding malware and troubleshooting technical challenges. Groups like SparkCat and Funklocker have demonstrated the practical use of GenAI-generated malicious software, dispelling any notion that such threats are merely theoretical.

Rapid Attack Execution: The Case of Scattered Spider

In the United Kingdom, the criminal group Scattered Spider has employed social engineering tactics, including helpdesk impersonation, to reset credentials and bypass multifactor authentication safeguards. CrowdStrike documented an incident where this group progressed from initial system access to ransomware deployment within a mere 24 hours, illustrating the accelerated pace of AI-enhanced cyberattacks.