Hackers Unleash HexStrike-AI to Exploit n-Day Flaws Faster
▼ Summary
– Hackers are using the AI-powered HexStrike-AI framework to exploit newly disclosed vulnerabilities, particularly targeting Citrix flaws like CVE-2025-7775.
– HexStrike-AI is an open-source red teaming tool that integrates AI agents to automate penetration testing and vulnerability discovery through human-in-the-loop interaction.
– Threat actors have deployed HexStrike-AI to achieve remote code execution and deploy webshells on compromised NetScaler instances, with some offering these for sale.
– The framework’s automation could reduce n-day exploitation times from days to minutes, drastically shrinking the patching window for system administrators.
– Check Point recommends defenders focus on threat intelligence, AI-driven defenses, and adaptive detection to counter this evolving threat.
A new wave of cyberattacks is leveraging artificial intelligence to accelerate the exploitation of freshly disclosed vulnerabilities, dramatically shrinking the time between patch release and active compromise. Security researchers are tracking the rise of a tool known as HexStrike-AI, originally designed for ethical penetration testing, which threat actors have repurposed to automate attacks against unpatched systems.
Recent activity observed by cybersecurity analysts points to malicious use of this framework, particularly in targeting Citrix NetScaler ADC and Gateway appliances affected by vulnerabilities including CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. Dark web forums show growing interest in the tool, with hackers sharing methods to weaponize these flaws within hours of public disclosure. Data indicates that thousands of endpoints remain exposed, underscoring the urgency of remediation.
HexStrike-AI was developed as a legitimate red teaming platform by cybersecurity professional Muhammad Osama. It integrates AI agents capable of autonomously operating more than 150 security tools, streamlining tasks like vulnerability scanning, exploit development, and persistence mechanisms. The system uses a human-in-the-loop approach, communicating with external large language models to refine its actions through continuous analysis and adaptive execution.
A notable feature is its built-in resilience; the tool incorporates retry logic and recovery protocols to overcome failures during complex operations, automatically adjusting its approach until objectives are met. Since its release as open-source software on GitHub, it has gained significant traction within the security community, amassing thousands of stars and forks.
Unfortunately, this accessibility has also drawn the attention of cybercriminals. Reports confirm that threat actors are using HexStrike-AI to achieve unauthenticated remote code execution via CVE-2025-7775, deploying webshells on compromised devices and even offering access to hijacked NetScaler instances for sale on underground markets.
While direct evidence linking the tool to specific incidents is still accumulating, experts believe attackers are using it to fully automate their intrusion chains, from identifying vulnerable systems to crafting and delivering payloads. This automation could reduce exploitation timelines from days to mere minutes, placing enormous pressure on defenders.
The implications for network security are profound. The window between vulnerability disclosure and widespread exploitation is collapsing, leaving organizations with minimal time to apply patches or implement mitigations. As one firm noted, attacks against CVE-2025-7775 are already underway, and the adoption of tools like HexStrike-AI is expected to drive a surge in offensive activity.
In response, security teams are urged to adopt a proactive and layered defense strategy. Emphasis should be placed on early warning systems powered by threat intelligence, AI-enhanced defensive measures, and behavioral detection capabilities that can adapt to evolving tactics. While rapid patching remains essential, the evolving threat landscape necessitates a comprehensive and agile security posture.
(Source: Bleeping Computer)
