A new open-source AI framework is rapidly transforming how cyberattacks are carried out—by automating them. HexStrike AI, a publicly available multi-agent platform, enables attackers to coordinate and execute complex offensive operations using artificial intelligence with minimal human input.
According to a report by Check Point, HexStrike AI has already been used to exploit zero-day vulnerabilities just hours after public disclosure. Its growing adoption among threat actors signals a shift toward highly automated, AI-driven attack chains that compress the time between vulnerability discovery and exploitation.
At its core, HexStrike AI acts as an orchestration layer, controlling a network of autonomous agents that operate over 150 established security tools. These agents specialize in tasks like reconnaissance, vulnerability detection, exploit generation, and post-exploitation actions.
The platform, released on GitHub in July, was originally intended to assist red teams and security researchers in emulating realistic attack scenarios. But its accessibility and advanced capabilities have made it attractive to malicious actors as well.
Check Point researchers noted that within 12 hours of a recent disclosure of critical Citrix NetScaler vulnerabilities (CVE-2025-7775), underground forums were already reporting successful exploitation using HexStrike AI. Traditionally, such attacks would require significant expertise and development time.
Instead, attackers used AI agents to scan for exposed systems, craft tailored payloads, and automate delivery—all triggered by simple commands like “perform a full security assessment of [target domain].” The platform even supports live dashboards and recovery logic to ensure continuity in case of errors.
The next release, version 7.0, is expected to expand the agent count to over 250. While the framework can help defenders proactively identify and patch vulnerabilities, the rapid weaponization of HexStrike underscores the urgency for defensive teams to adopt AI-driven automation themselves.
Security experts are now urging organizations to shorten patch cycles, tighten monitoring, and consider using similar orchestration tools for simulation and response. As attackers and defenders race to adapt, the emergence of platforms like HexStrike may redefine what “real-time” means in cybersecurity.