Google details how attackers are using AI to speed up hacks

Google's Threat Intelligence Group says that in the final quarter of 2025 threat actors increasingly integrated artificial intelligence to accelerate the attack lifecycle, achieving productivity gains in reconnaissance, social engineering, and malware development.

Its GTIG AI Threat Tracker highlights state-sponsored LLM phishing, AI-enabled malware like HONESTCUE, and rising model extraction attacks. One tactic uses large language models to make hackers seem more reputable in conversation: "Increasingly, threat actors now leverage LLMs to generate hyper-personalized, culturally nuanced lures that can mirror the professional tone of a target organization or local language." The report adds that AI-augmented phishing enablement can bypass the manual labor traditionally required for victim profiling.

AI-generated code is also appearing in attacks.

gtig, ai phishing, llm phishing, honestcue, model extraction, ai malware, social engineering, reconnaissance, malware development, ai code