Hackers weaponize GenAI to boost cyberattacks


Adversaries are weaponizing GenAI to scale operations and accelerate cyberattacks, and they are increasingly targeting the autonomous AI agents that are reshaping enterprise operations. These are among the findings of CrowdStrike's 2025 Threat Hunting Report.
The report reveals how threat actors are targeting tools used to build AI agents -- gaining access, stealing credentials, and deploying malware -- a clear sign that autonomous systems and machine identities have become a key part of the enterprise attack surface.
“The AI era has redefined how businesses operate, and how adversaries attack. We’re seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions,” says Adam Meyers, head of counter adversary operations at CrowdStrike. “At the same time, adversaries are targeting the very AI systems organizations are deploying. Every AI agent is a superhuman identity: autonomous, fast, and deeply integrated, making them high-value targets. Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts. Securing the AI that powers business is where the cyber battleground is evolving.”
Among specific instances highlighted, DPRK-nexus adversary FAMOUS CHOLLIMA used GenAI to automate every phase of its insider attack program. From building fake resumes and conducting deepfake interviews to completing technical tasks under false identities, AI-powered adversary tradecraft is transforming traditional insider threats into scalable, persistent operations.
CrowdStrike also observed multiple threat actors exploiting vulnerabilities in tools used to build AI agents, gaining unauthenticated access, establishing persistence, harvesting credentials, and deploying malware and ransomware. These attacks demonstrate how the agentic AI revolution is reshaping the enterprise attack surface and turning autonomous workflows and non-human identities into the next frontier of adversary exploitation.
The report also shows that cloud intrusions rose 136 percent, with China-linked adversaries responsible for 40 percent of that increase, as GENESIS PANDA and MURKY PANDA evaded detection by abusing cloud misconfigurations and trusted access relationships.
You can get the full report from the CrowdStrike site.
Image credit: sdecoret/depositphotos.com