A China-linked actor was observed deploying agentic tools such as Strix and Hexstrike in attacks targeting a Japanese tech firm and a major East Asian cybersecurity company.
UNC2814, a Chinese group known for targeting telecoms and government organizations, used a persona-driven jailbreak — in which the AI is instructed to act as a senior security auditor — to enhance vulnerability research on embedded devices, including TP-Link firmware with OFTP implementations.
According to Google, the North Korean group tracked as APT45 sent out thousands of repetitive prompts to recursively analyze CVEs and validate PoC exploits.
“This results in a more robust arsenal of exploit capabilities that would be impractical to manage without AI assistance,” Google said in its report.
The full report also covers autonomous malware operations, AI-augmented defense evasion, supply chain attacks, and threat actors pursuing premium access to LLMs.
Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Source: SecurityWeek