AI-driven tool Hexstrike significantly cuts down exploit duration to less than 10 minutes
In a significant development in the realm of artificial intelligence (AI) and cybersecurity, Check Point Software Technologies has introduced MCP Agents, an advanced server that connects large language models with realistic attack capabilities. This innovative framework, named Hexstrike-AI, allows AI agents to autonomously execute over 150 cybersecurity tools, revolutionizing the way cyberattacks are orchestrated.
Shortly after its release, Hexstrike-AI was repurposed by cybercriminals, with plans to exploit the zero-day vulnerabilities in Citrix NetScaler ADC and Gateway. Last Tuesday (26.08.), Citrix announced three zero-day security vulnerabilities affecting NetScaler ADC and NetScaler Gateway devices: CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424.
Hexstrike-AI acts as an intelligent control center for cyberattacks, utilizing over 150 specialized AI agents to autonomously scan, exploit, and infiltrate target systems. The framework sets up a FastMCP Server that acts as a communication node between large language models and tool functions, and tools are wrapped with MCP decorators and made available as callable components that AI agents can invoke.
CVE-2025-7775, already being exploited in the wild, is a critical vulnerability that allows attackers to execute arbitrary code on affected devices. Webshells have been observed on compromised devices, indicating active exploitation. CVE-2025-7776 is a memory management flaw affecting NetScaler's core processes; exploitation has not yet been confirmed, but the risk is high. CVE-2025-8424 is a vulnerability in access control for administrative interfaces that exposes critical control paths.
Using Hexstrike-AI, attackers can now automate reconnaissance, assist in exploit creation, and facilitate the delivery of payloads for these critical vulnerabilities. A task that would take a human operator days or weeks can now be completed in less than 10 minutes. The window between disclosure and mass exploitation shrinks dramatically, which will increase the attack volume in the coming days.
To defend against this new type of threat, companies must evolve their defensive measures. This includes introducing adaptive detection, integrating AI-driven defense measures, shortening patch cycles, consolidating threat intelligence, and practicing resilience engineering. The Hexstrike-AI client itself has retry logic and a recovery function that keep it operating under error conditions, ensuring a reliable process flow, which is crucial when chaining scans, exploits, and persistence attempts.
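As an illustration of the adaptive detection mentioned above, the following added example (not from the original article or from Check Point) flags a source that moves from a scanning burst to a successful POST and then to a request for a previously unseen server-side script, all inside the ten-minute window the article cites. The log format, thresholds, baseline paths and addresses are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)      # the article's "less than 10 minutes" figure
RECON_404S = 5                      # assumed threshold: distinct 404 paths = scanning
BASELINE = {"/", "/login", "/api/upload"}   # assumed: paths known before the incident
SCRIPT_EXT = (".php", ".jsp", ".aspx")      # assumed: server-side script extensions
LINE = re.compile(r'(\S+) \[(.+?)\] "(\w+) (\S+)" (\d{3})')

# Constructed sample log (source, time, request, status); not real traffic.
SAMPLE = """\
203.0.113.7 [2025-08-27T10:00:01] "GET /admin" 404
203.0.113.7 [2025-08-27T10:00:02] "GET /backup" 404
203.0.113.7 [2025-08-27T10:00:03] "GET /config" 404
203.0.113.7 [2025-08-27T10:00:04] "GET /debug" 404
203.0.113.7 [2025-08-27T10:00:05] "GET /test" 404
198.51.100.20 [2025-08-27T10:01:00] "GET /login" 200
198.51.100.20 [2025-08-27T10:01:09] "POST /login" 200
198.51.100.20 [2025-08-27T10:01:10] "GET /favicon.ico" 404
203.0.113.7 [2025-08-27T10:03:10] "POST /api/upload" 200
203.0.113.7 [2025-08-27T10:06:40] "GET /static/h3.php" 200
"""

def parse(text):
    """Yield (ip, time, method, path, status) for each well-formed line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ip, ts, method, path, status = m.groups()
            yield ip, datetime.fromisoformat(ts), method, path, int(status)

def find_chains(text):
    """Map source IP -> seconds from first request to unknown-script hit, for sources
    that go 404 burst -> successful POST -> non-baseline script inside WINDOW."""
    state, chains = {}, {}
    for ip, ts, method, path, status in sorted(parse(text), key=lambda e: e[1]):
        s = state.setdefault(ip, {"start": ts, "misses": set(), "stage": 0})
        if ts - s["start"] > WINDOW:        # window expired: restart tracking
            s.update(start=ts, misses=set(), stage=0)
        if status == 404:
            s["misses"].add(path)
        if s["stage"] == 0 and len(s["misses"]) >= RECON_404S:
            s["stage"] = 1                  # scanning burst seen
        elif s["stage"] == 1 and method == "POST" and status == 200:
            s["stage"] = 2                  # POST succeeded after the scan
        elif (s["stage"] == 2 and status == 200 and path not in BASELINE
              and path.endswith(SCRIPT_EXT)):
            chains.setdefault(ip, (ts - s["start"]).total_seconds())
    return chains
```

Calling `find_chains(SAMPLE)` reports only the source that completed all three stages, along with the elapsed seconds; in practice the baseline set would come from an inventory of deployed files rather than a hard-coded list.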
Hexstrike-AI was originally developed as a defense-oriented framework, combining professional security tools with autonomous AI agents to provide comprehensive security testing functions. However, its repurposing by cybercriminals underscores the need for continuous vigilance and rapid response in the ever-evolving cybersecurity landscape.