top of page
Search

Spy vs. spy: How GenAI is powering defenders and attackers

  • Dec 4, 2025
  • 2 min read

Key Findings:


  • Adversaries continue to use GenAI with varying levels of reliance, with state-sponsored groups and criminal organizations taking advantage of uncensored and unweighted models.

  • Threat actors are using GenAI for coding, phishing, anti-analysis/evasion, and vulnerability discovery, although significant human involvement is still required.

  • As models continue to shrink and hardware requirements are removed, adversarial access to GenAI and its capabilities are poised to surge.

  • Defenders can use GenAI as a force multiplier to parse through vast threat data, enhance incident response, and proactively detect code vulnerabilities, helping to overcome analyst shortages.


Background


Generative AI (GenAI) has caused a fundamental shift in how people work and its impact is being felt almost everywhere. Individuals and enterprises alike are rushing to see how GenAI can make their lives easier or their work faster and more efficient. In information security, the focus has largely been on how adversaries are going to leverage it, and less on how defenders can benefit from it.


Adversarial GenAI Usage


  • State-sponsored groups are starting to leverage the technology in campaigns, still requiring significant human help.

  • Actors are embedding prompts into malware to evade detection, but these methods are experimental and unreliable.

  • Adversaries are using prompts in malware and DNS records for anti-analysis purposes, a trend likely to grow as AI systems play a bigger role in detection and analysis.

  • The largest impacts are seen on the conversational side of compromise, such as email content and social engineering.

  • AI is also being used as a lure to trick users into installing malware.

  • The barrier to entry for using GenAI has lowered, and other threat groups beyond state-sponsored ones are likely leveraging it.

  • Adversarial usage of AI is difficult to quantify, as the impacts are not visible in the end product.


Vulnerability Hunting


  • Both offensive and defensive actors can use GenAI to uncover vulnerabilities in code and software.

  • Threat groups may leverage GenAI to find zero-day vulnerabilities for malicious use, while researchers can use it to triage fuzz farm outputs for coordinated disclosure.

  • The use of GenAI in vulnerability hunting is a double-edged sword, with both positive and negative implications.


Sources


  • https://blog.talosintelligence.com/spy-vs-spy-how-genai-is-powering-defenders-and-attackers/

  • https://x.com/StopMalvertisin/status/1996550106355536092

  • https://malware.news/t/spy-vs-spy-how-genai-is-powering-defenders-and-attackers/102293

Recent Posts

See All
Defeating AI with AI

Key Findings Generative AI and agentic AI are increasingly used by threat actors to conduct faster and more targeted attacks. One capability that AI improves for threat actors is the ability to profil

 
 
 

Comments

  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page