How AI agents and AI-assisted tooling are used to build, automate, and orchestrate attacks (and to discover vulnerabilities) across the cyber kill chain
AI Agents in Offensive Security
The cybersecurity battlefield in 2026–2028 is increasingly defined by the relentless interplay between AI-driven offensive automation and AI-assisted defensive innovations. As autonomous AI agents evolve from experimental tools into fully operational cyber weapons, the speed, scale, and stealth of attacks have reached unprecedented levels—forcing defenders to adopt AI-native strategies and governance models that can keep pace with machine-speed adversaries.
Accelerating Offensive AI Automation: Autonomous Agents Reshape the Kill Chain
Attackers now wield autonomous AI offensive agents that execute end-to-end attack workflows—from reconnaissance through exploitation to payload deployment—often with minimal human oversight. This evolution is exemplified by:
- MalcodeEval, a landmark demonstration where an AI agent autonomously discovered and exploited SQL injection vulnerabilities without manual input, underscoring how AI compresses vulnerability discovery and exploitation cycles into minutes rather than days.
- Advanced agentic malware families like OpenClaw and GhostClaw, which autonomously navigate hybrid cloud environments, escalate privileges, and evade sandbox detection. Their AI-driven autonomy enables rapid lateral movement and stealthy persistence across complex infrastructures.
- The rise of disposable malware in obscure or esoteric programming languages, generated by AI to evade signature-based detection and frustrate reverse engineering efforts. This polymorphic, AI-assisted malware churns out diverse payloads tailored to target-specific environments and defenses.
- Frameworks such as RamiBot AI integrate port scanning, CVE intelligence gathering, and automated security reporting into a single AI-driven reconnaissance and initial access toolchain, replicable in malicious hands to automate early attack phases.
This shift toward agentic AI malware establishes a new offense paradigm where attackers orchestrate multi-stage campaigns at machine speed, continuously adapting to defenses with minimal human coordination.
Weaponizing Software Supply Chains and DevOps with AI Automation
AI agents are increasingly deployed to compromise software supply chains and development workflows, turning trusted ecosystems into infection vectors:
- The ForceMemo campaign revealed how attackers leveraged AI-assisted automation to identify vulnerable transitive dependencies and inject malicious code into hundreds of popular Python repositories. This large-scale supply chain compromise highlights the systemic risk posed by automated dependency poisoning.
- Exploitation of TeamCity’s open redirect vulnerability (CVE-2026-28194) demonstrates how attackers weaponize CI/CD pipelines. By redirecting build processes, adversaries introduce trojanized artifacts that infiltrate production environments silently, evading traditional quality checks.
- The McKinsey Lilli/CodeWall breach exposed risks from trojanized AI coding assistants, where subverted developer tools delivered credential stealers and backdoors. This incident underscores vulnerabilities in AI-assisted development environments lacking cryptographic proof and runtime attestation, allowing malicious code insertion during coding workflows.
These developments emphasize the urgent need for zero-trust controls, dependency vetting, artifact provenance verification, and runtime integrity monitoring to secure AI-powered software supply chains and DevOps pipelines.
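The dependency vetting and artifact provenance verification recommended above, as an added example that is not part of this page or of any project it names: a checker for a hash-pinned lockfile in pip's `--hash` syntax that rejects any unpinned requirement and flags a fetched artifact, including a transitive one, whose digest does not match its pin. Package names, versions and artifact bytes below are constructed.

```python
import hashlib
import re

# Added example, not the page's or any named project's code. Assumes a
# pip-style lockfile where every requirement is pinned as name==version with
# at least one --hash=sha256:<hex>, and artifacts already fetched as bytes.
LINE_RE = re.compile(r"^(?P<name>[A-Za-z0-9_.\-]+)==(?P<ver>[^\s\\]+)(?P<rest>.*)$")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")

def parse_lockfile(text):
    """Return {name: (version, {sha256 hex, ...})}; reject any unpinned line."""
    pins = {}
    for raw in text.replace("\\\n", " ").splitlines():  # join continuations
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unpinned or malformed requirement: {line!r}")
        hashes = set(HASH_RE.findall(m.group("rest")))
        if not hashes:
            raise ValueError(f"no sha256 pin for {m.group('name')}")
        pins[m.group("name").lower()] = (m.group("ver"), hashes)
    return pins

def verify_artifacts(pins, artifacts):
    """artifacts: {name: bytes}. Return [(name, 'ok'|'missing'|'hash-mismatch')]."""
    report = []
    for name, (_ver, hashes) in pins.items():
        data = artifacts.get(name)
        if data is None:
            report.append((name, "missing"))
            continue
        digest = hashlib.sha256(data).hexdigest()
        report.append((name, "ok" if digest in hashes else "hash-mismatch"))
    return report

# Constructed sample: two direct deps plus one transitive dep ("gamma"), the
# fully pinned form that also covers ForceMemo-style transitive injection.
GOOD = {"alpha": b"alpha-1.0 wheel", "beta": b"beta-2.3 wheel",
        "gamma": b"gamma-0.9 wheel (transitive)"}

def _pin(name, ver, data):
    return f"{name}=={ver} \\\n    --hash=sha256:{hashlib.sha256(data).hexdigest()}"

LOCKFILE = "\n".join(["# constructed lockfile"] +
                     [_pin(n, v, GOOD[n]) for n, v in
                      [("alpha", "1.0"), ("beta", "2.3"), ("gamma", "0.9")]])

def check_sample():
    """A tampered transitive artifact must be flagged, never silently accepted."""
    artifacts = dict(GOOD)
    artifacts["gamma"] = GOOD["gamma"] + b"\n# injected"
    return verify_artifacts(parse_lockfile(LOCKFILE), artifacts)
```

In a pipeline the same check runs against the downloaded wheels before installation, so a poisoned transitive package fails the build instead of reaching production.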
Exploiting AI Platforms and Browsers: A New Attack Surface Emerges
The integration of AI into browsers and client environments has introduced novel, high-impact attack vectors:
- The FalkeAI Browser Agent exemplifies sophisticated prompt injection and sandbox escape techniques, implanting stealthy commands inside AI models running in browsers. These covert command-and-control channels operate beneath conventional detection, facilitating persistent, undetected exploitation.
- In early 2026, Google released emergency patches for Chrome’s third zero-day vulnerability in three months, highlighting the fragility of AI integrations in mainstream browsers. These vulnerabilities included sandbox escapes enabling arbitrary client-side code execution, raising alarm about the security of AI assistant environments.
- Zero-click cross-site scripting (XSS) flaws in AI chatbots and browser extensions enable attackers to hijack sessions and exfiltrate sensitive data without user interaction, dramatically increasing attack stealth and reach.
- AI agents are also weaponized in smart contract hacking, with benchmarks like OpenAI and Paradigm’s EVMbench exposing how AI accelerates vulnerability discovery and exploitation in blockchain and decentralized finance ecosystems.
These examples illustrate how AI-infused client platforms, once viewed as productivity enhancers, have become critical attack surfaces requiring sandbox hardening, anomaly detection, and prompt filtering defenses.
Credential Theft Fuels AI-Powered Lateral Movement and Attack Automation
Compromised credentials remain a cornerstone of cyber offense but now act as force multipliers for AI-driven attacks:
- According to IBM X-Force, stolen credentials enable attackers to weaponize autonomous AI agents for phishing campaigns, reconnaissance, lateral movement, and exploitation, minimizing the need for human control.
- The proliferation of AI agents capable of operating with stolen credentials accelerates the speed and scale of attacks, complicating detection and containment.
This dynamic reinforces the imperative for hardware-backed, phishing-resistant multi-factor authentication, credential rotation, and minimizing credential sprawl across organizational environments.
Defensive AI Innovations and Emerging Governance Frameworks
In response, defenders have amplified their AI-native tooling and governance to detect, analyze, and mitigate sophisticated AI-powered threats:
- OpenAI’s Codex Security research preview enables context-aware vulnerability detection, validation, and automated patch generation, vastly improving the speed and accuracy of identifying complex software flaws.
- Tools like InferShield harness behavioral anomaly detection combined with AI-assisted vulnerability scanning to expose stealthy, autonomous malware campaigns, including prompt injection and sandbox escape attempts.
- AI models such as Anthropic Claude Opus have demonstrated their prowess by discovering hundreds of bugs in complex software like Firefox, marking a new era of automated vulnerability research.
- Governance initiatives emphasize cryptographic attestation of tooling and runtime environments to prevent trojanized supply chains (e.g., lessons from GlassWorm and ForceMemo), while CI/CD pipeline security mandates zero-trust controls and artifact provenance verification to thwart workflow manipulation.
- Sandbox hardening now incorporates embedded anomaly detection and strict prompt filtering to counter increasingly sophisticated AI prompt injection and sandbox escape attacks.
- Credential hygiene programs focusing on phishing-resistant MFA and minimal credential exposure are critical to sever the link between stolen credentials and AI-augmented attack automation.
- Integration of AI-based anomaly detection into IT service desks and operational security layers helps identify adversaries masquerading as legitimate personnel, closing gaps exploited by AI-powered lateral movement.
Notable Incidents and Market Trends
Several high-profile events and trends illustrate the evolving AI-powered threat landscape:
- The APT36 ‘vibeware’ campaign flooded targets with AI-generated customized malicious payloads, overwhelming defenses via sheer volume and polymorphism.
- The 2026 and 2027 Microsoft Patch Tuesday waves included numerous critical fixes targeting AI runtimes and management-plane components, including remote code execution vulnerabilities in backup infrastructures like Veeam—a clear signal of attackers’ focus on AI ecosystems.
- The Kadnap router botnet, now controlling over 14,000 devices, serves as a platform for AI-driven malware hosting and lateral movement, demonstrating how firmware-level persistence combined with AI accelerates threats to critical infrastructure.
- The black market price for Windows zero-day exploits has surged to nearly $220,000, compressing defenders’ patching windows and escalating risks from AI-accelerated exploitation campaigns.
- Google’s repeated emergency patches for Chrome in early 2026 highlight the urgent need to secure AI assistant environments embedded in widely used browsers.
Conclusion: Towards a Holistic AI-Aware Cybersecurity Paradigm
The convergence of autonomous AI malware, trojanized AI-assisted tooling, and AI-orchestrated supply chain compromises is reshaping cybersecurity into a contest between intelligent adversaries operating at machine speed and defenders racing to adapt.
To maintain resilience, organizations must adopt holistic AI-native security architectures that emphasize:
- Proof-based vendor assurance via cryptographic attestation and signed tooling
- Runtime isolation and least privilege principles to contain AI-driven workflows
- Continuous validation and dependency vetting within complex software supply chains
- Integrated AI-enhanced detection and response spanning operational and IT layers
- Robust governance, sandbox hardening, and stringent credential hygiene to mitigate AI-specific risks
While AI tools like RamiBot and Codex Security showcase AI’s potential to enhance defense, the stakes remain high. Without agile, multi-layered, AI-aware defenses, organizations face catastrophic breaches threatening critical infrastructure, trust in AI technologies, and global digital stability.
Selected References
- MalcodeEval - Watch an AI Agent Exploit SQL Injection Automatically! | 2028
- RamiBot AI Cybersecurity Demo | Port Scan → CVE Intelligence → Security Report (Local AI) | 2028
- ForceMemo: Hundreds of GitHub Python Repos Compromised via Transitive Dependency Injection | 2028
- Weaponizing the Workflow: Why TeamCity’s Open Redirect (CVE-2026-28194) Threatens Your CI/CD Pipeline | 2027
- FalkeAI Browser Agent Demo | 2027
- Chrome’s Third Zero-Day of 2026 - And It’s Only March | 2026
- OpenAI Introduces Codex Security in Research Preview for Context-Aware Vulnerability Detection | 2026
- APT36 unleashes AI-generated ‘vibeware’ to flood targets | 2027
- Microsoft: Hackers abusing AI at every stage of cyberattacks | 2026
- Kadnap Malware Infects 14,000 Routers Worldwide | 2027
- Anthropic Claude Opus AI model discovers 22 Firefox bugs | 2026
- 6 Zero-Days in One Patch Tuesday — AI Is Accelerating the Threat | 2026
- Stolen Credentials Are Turning Agentic AI Into a Cyber Weapon | 2025
The rapidly evolving AI-powered cyber threat landscape demands relentless innovation from defenders. Deploying AI as both shield and sword is no longer optional but essential to outpace autonomous adversaries wielding AI agents at machine scale.