TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources СLOUD SECURITY DATA PRIVACY APPLICATION SECURITY THREAT INTELLIGENCE NEWS AI Agents Generate Custom Hacking Tools on the Fly Two threat campaigns heavily leveraged AI agents to support attacks against entities in Mexico and Brazil. Alexander Culafi,Senior News Writer,Dark Reading May 13, 2026 5 Min Read SOURCE: ANNA VACZI VIA ALAMY STOCK PHOTO Threat actors have begun to use AI agents to facilitate the entire attack chain, from assisting with initial access to generating penetration tools on the fly. Trend Micro's TrendAI Research team yesterday published research concerning two threat actors using AI agents to hack entities including government organizations. While threat actors have been using AI for some time, the new research presents what it calls "vibe hacking," where AI tooling is doing much of the compromising. The first, "Shadow-Aether-040," is a campaign first identified in late 2025. An attacker was targeting Latin American organizations in the public sector and private sector organizations in financial services, aviation, and retail. TrendAI researchers identified a command-and-control (C2) server used by the campaign that had improper operational security, and found details on how the attack was conducted. Based on TrendAI researchers' access to this C2 server, Shadow-Aether-040 compromised six government entities in Mexico between Dec. 27, 2025, and Jan. 4, 2026. Attackers executed activities across the full chain of compromise with the support of AI agents — ultimately leading to data theft in some cases. Related:Hugging Face Packages Weaponized With a Single File Tweak Trend AI Research tracked a second campaign, Shadow-Aether-064, beginning in April. There were significant commonalities between this campaign and Shadow-Aether-040, namely similar tooling, but TrendAI assessed the campaigns to be possibly distinct. Shadow-Aether-040 was observed to be Spanish speaking, while Shadow-Aether-064 is likely operated by Portuguese speakers. While Shadow-Aether-064 also used significant AI tooling in all stages of its operation, it primarily targeted financial organizations in Brazil with an aim to steal financial data. LOADING... Using AI Agents Across a Complete Attack Chain Shadow-Aether-040 was able to jailbreak the AI agent by claiming instructions were for an "authorized red team exercise." While AI agents generally have safeguards to prevent this kind of thing, multiple iterative attempts enabled the attacker to succeed. Shadow-Aether-040 leveraged an agentic command line interface (CLI) to target organizations, and the CLI sent prompts to Anthropic's Claude. This campaign treated the agent as a kind of assistant that would be given tasks to help support the operation. Shadow-Aether-040 used vulnerability scanners to identify vulnerabilities on targeted servers and then deploy Web shells for initial access. For the initial access phase, the attacker enabled the AI agent to leverage Shodan and VulDB in order to identify potential vulnerabilities across an external-facing server. Related:Hackers Use AI for Exploit Development, Attack Automation The threat actor then commanded its AI agent to use Web shells to deploy additional backdoors or traffic tunneling tools to maintain persistence. TrendAI identified one backdoor, a Python-based package called "implante_http," that was likely created with AI assistance. As the attack was conducted, Shadow-Aether-040 instructed the AI to document the workflow and organize collected information into different directories as Markdown files. "This allowed the AI agent to understand previously completed actions, restore the prior operational context by reading through the Markdown files inside a given folder, and continue work on the unfinished tasks at any time," the researchers' blog post read. Shadow-Aether-064 similarly used AI agents to compromise and remotely command servers. Both actors leveraged ProxyChains, SOCKS5 tunneling, and SSH for initial access, as well as additional tooling such as Chisel, CrackMapExec, Impacket, and Neo-reGeorg. Both also created "custom backdoors capable of establishing reverse tunnels for traffic forwarding from a SOCKS5 proxy." The model used by Shadow-Aether-064 was not identified in this case. Related:After Replacing TeamPCP Malware, 'PCPJack' Steals Cloud Secrets Most striking here is that both campaigns used custom, dynamically generated hacking tools and scripts using AI rather than pre-built ones, making it harder for traditional security solutions to detect, since they rely on known signatures. AI was used in this way to support network scanning, password spraying, and vulnerability exploitation. "Because these dynamically generated commands, scripts, and code differ with each execution, they effectively replace open-source hacking tools that are more likely to be detected, reducing the possibility of detection by traditional security solutions," TrendAI explained. How to Stop AI Attacks in Their Tracks Shadow-Aether-040 and Shadow-Aether-064 are early examples of threat actors using AI agents for front-to-back threat activities, but this won't be the last time security professionals will hear about this kind of thing. For as imperfect as AI tooling is, threat actors often gravitate toward the easiest targets. And as AI assistants capable of complex technical tasks become more accessible to threat actors, stories like this will almost certainly become more common. Though even in these cases, Stephen Hilt, principal threat researcher at TrendAI, tells Dark Reading that the way these attacks were conducted goes beyond a simple smash and grab. "What AI enabled in both cases was the operational tempo to pursue those objectives faster and with less manual overhead," he says. "Threat actors will always take the path of least resistance and right now AI is that path, but the motivation driving these campaigns goes deeper than just convenience." But there's good news, as TrendAI identified cases where the threat actors failed because the AI agent couldn't determine a clear path for lateral movement. In these cases, the targets had stronger security configurations. This is where doing the security basics comes in handy. "Against an environment with strong security fundamentals, even AI-augmented campaigns will struggle to find a way through," the research blog post read. "Timely patching, properly implemented zero-trust access controls, and comprehensive monitoring of environmental activity will be increasingly important in defending against this evolving threat landscape." Don't miss the latest Dark Reading Confidential podcast, How the Story of a USB Penetration Test Went Viral. Two decades ago Dark Reading posted its first blockbuster piece — a column by a pen tester who sprinkled rigged thumb drives around a credit union parking lot and let curious employees do the rest. This episode looks back at the history-making piece with its author, Steve Stasiukonis. Listen now! Read more about: DR Global Latin America About the Author Alexander Culafi Senior News Writer, Dark Reading Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels. Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports How Enterprises Are Developing Secure Applications Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy How Enterprises Are Harnessing Emerging Technologies in Cybersecurity Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management 2025 State of Malware Access More Research Webinars Your Guide to Securing AI Adoption in Your Organization What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization? The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace Prompt Injection Is Just the Start: Securing LLMs in AI Systems Anatomy of a Data Breach: What to Do if it Happens to You More Webinars You May Also Like СLOUD SECURITY APT41 Delivers 'Zero-Detection' Backdoor to Harvest Cloud Credentials by Elizabeth Montalbano APR 13, 2026 СLOUD SECURITY TeamPCP Turns Cloud Infrastructure Into Crime Bots by Jai Vijayan, Contributing Writer FEB 09, 2026 СLOUD SECURITY The Cloud Edge Is the New Attack Surface by Robert Lemos, Contributing Writer SEP 17, 2025 СLOUD SECURITY Phishing Empire Runs Undetected on Google, Cloudflare by Elizabeth Montalbano, Contributing Writer SEP 04, 2025 Editor's Choice THREAT INTELLIGENCE From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber byDark Reading Editorial Team MAY 6, 2026 31 MIN READ CYBER RISK Physical Cargo Theft Gets a Boost From Cybercriminals byRobert Lemos MAY 4, 2026 5 MIN READ CYBER RISK NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later byDark Reading Editorial Team APR 28, 2026 Want more Dark Reading stories in your Google search results? Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox. SUBSCRIBE LOADING... RSAC 2026: key news & insights At RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much more Get Your Recap Webinars What is the Right Role for Ident