How AI Is Arming Hackers with Unprecedented Power to Scale Cyberattacks
- AI is revolutionizing hacking through “vibe hacking,” where even novices can generate malicious code using generative AI, lowering the barrier to cybercrime.
- Sophisticated hackers pose the greatest threat, leveraging AI to scale attacks, potentially unleashing multiple zero-day exploits simultaneously.
- The cybersecurity arms race continues, with AI as the latest tool for both blackhat and whitehat hackers, exemplified by systems like XBOW leading bug bounty leaderboards.
In the rapidly evolving landscape of cybersecurity, a chilling new trend is emerging: “vibe hacking.” This phenomenon, fueled by the explosive growth of generative AI, allows anyone—novice or expert—to craft malicious code with minimal technical know-how. Imagine a world where a single hacker could orchestrate 20 zero-day attacks across global systems in a single stroke, or where polymorphic malware rewrites itself on the fly using bespoke AI systems. This isn’t science fiction; it’s a looming reality that has experts on edge, bracing for a mass event that could redefine digital warfare.
The potential of AI in hacking is already visible. Take XBOW, an AI system designed for whitehat penetration testers, which currently dominates leaderboards on HackerOne, an enterprise bug bounty platform. According to its creators, XBOW autonomously identifies and exploits vulnerabilities in 75 percent of web benchmarks. While it’s a tool for the good guys, its success underscores a darker possibility: what happens when similar technology falls into the wrong hands? Hayden Smith, cofounder of Hunted Labs, likens the current state of cybersecurity to passengers on a plane hearing “brace, brace, brace” before an emergency landing—tension is high, but the impact hasn’t hit yet. The question is not if, but when.
Generative AI has democratized coding in ways that are both empowering and terrifying. Tools like ChatGPT, Gemini, and Claude improve daily, spitting out efficient code at an unprecedented pace. Major companies, including Microsoft, are already using AI agents to write parts of their codebases. This accessibility has birthed “vibe coding,” where users with little technical background can ask AI to solve complex problems for them. But as Katie Moussouris, founder and CEO of Luta Security, warns, this ease of use extends to malicious intent. “We’re going to see vibe hacking,” she told WIRED. “People without previous knowledge or deep knowledge will be able to tell AI what it wants to create and get that problem solved.”
The roots of vibe hacking trace back to 2023, when tools like WormGPT—a purpose-built LLM for generating malicious code—spread through underground channels like Discord, Telegram, and darknet forums. Though WormGPT was shut down after gaining attention from security professionals and media, successors like FraudGPT quickly emerged. Many of these tools, as noted by security firm Abnormal AI, were likely just jailbroken versions of mainstream models like ChatGPT, repackaged to appear standalone. This highlights a critical vulnerability: the guardrails on popular LLMs are far from foolproof. Entire online communities are dedicated to bypassing these safeguards, and companies like Anthropic even offer bug bounties for discovering new jailbreak methods in models like Claude. OpenAI, for its part, emphasizes safety, with a spokesperson telling WIRED, “We take steps to reduce the risk of malicious use, and we’re continually improving safeguards to make our models more robust against exploits like jailbreaks.”
Yet, these safeguards are often easily circumvented. In 2023, Trend Micro researchers tricked ChatGPT into generating malicious PowerShell scripts by framing prompts as part of a security research or capture-the-flag exercise. Moussouris confirms this tactic, noting that simply posing as a pentester can coax AI into producing harmful code. This accessibility amplifies the threat from unsophisticated actors like script kiddies, who have long plagued cybersecurity. Hayley Benedict, a Cyber Intelligence Analyst at RANE, told WIRED, “It lowers the barrier to entry to cybercrime.” But the real danger, she argues, lies with established hacking groups who can use AI to scale their already formidable operations, creating malicious code faster and more efficiently than ever before.
The acceleration of cyberattacks through AI is what keeps experts like Moussouris awake at night. “The acceleration is what is going to make it extremely difficult to control,” she says. Smith from Hunted Labs paints an even grimmer picture, imagining a seasoned hacker designing a system that defeats multiple security layers and adapts in real time. Such a piece of code could rewrite its payload as it learns, creating chaos that’s “completely insane and difficult to triage.” He envisions a scenario where 20 zero-day exploits strike simultaneously—a nightmare that would overwhelm even the most prepared defenses. “That makes it a little bit more scary,” he admits.
While the tools for such catastrophic attacks exist today, Moussouris cautions that AI isn’t yet advanced enough for an inexperienced hacker to operate entirely hands-off. “We’re not quite there in terms of AI being able to fully take over the function of a human in offensive security,” she explains. The primal fear of chatbot-generated code is that anyone could wield it, but the reality is far more nuanced—and perhaps more frightening. A sophisticated actor with deep coding knowledge, paired with AI’s speed and scalability, represents the true threat. XBOW, created by a team of over 20 skilled professionals with backgrounds at GitHub and Microsoft, is a testament to what’s possible when expertise meets AI. It’s also a reminder that autonomous “AI hackers” are closer than we think.
This duality—AI as both weapon and shield—defines the next chapter of the cybersecurity arms race. Benedict puts it succinctly: “The best defense against a bad guy with AI is a good guy with AI.” Moussouris, with 30 years of experience in the field, sees AI as just the latest evolution in a long-standing battle. What began with manual hacks and custom exploits moved to automated tools that anyone could use. Now, AI is the newest tool in the toolbox, and those who master it will shape the future of digital security. “Those who do know how to steer it appropriately now are going to be the ones that make those vibey frontends that anyone could use,” she predicts.
As we stand on the brink of this AI-driven era of hacking, the stakes couldn’t be higher. Vibe hacking may empower the masses, but it’s the skilled operators who will turn this technology into a global threat—or a vital defense. The question remains: will we brace in time, or will the impact catch us unprepared? Only time, and the next wave of innovation, will tell.