Cybersecurity firm Check Point is warning that malicious actors are abusing an open-source AI tool called ‘HexStrike AI’ to exploit recently disclosed security vulnerabilities, including flaws in Citrix's NetScaler product.
Originally designed to support ethical hacking, bug bounty research, and capture-the-flag (CTF) competitions, HexStrike AI advertises itself as a cutting-edge, AI-driven offensive security platform. HexStrike AI introduces MCP Agents, a powerful server that lets AI use over 150 cybersecurity tools on its own. It can handle tasks such as penetration testing, vulnerability discovery, bug bounty automation, and security research.
According to Check Point’s latest threat intelligence report, attackers are actively experimenting with HexStrike AI to identify and exploit security flaws shortly after public disclosure.
Discussions on underground cybercrime forums reveal that threat actors are claiming to have used HexStrike AI to successfully exploit three recently disclosed Citrix vulnerabilities, with some even flagging seemingly exposed NetScaler instances for sale to other cybercriminals.
“Hexstrike-AI represents a broader paradigm shift, where AI orchestration will increasingly be used to weaponize vulnerabilities quickly and at scale. To defend against this new class of threat, organizations must evolve their defenses accordingly,” Check Point advised.