Since our February 2026 report on AI-related threat activity, Google Threat Intelligence Group (GTIG) has continued to track a maturing transition from nascent AI-enabled operations to the industrial-scale application of generative models within adversarial workflows. This report, based on insights derived from Mandiant incident response engagements, Gemini, and GTIG’s proactive research, highlights the dual nature of the current threat environment where AI serves as both a sophisticated engine for adversary operations and a high-value target for attacks. We explore the following developments: Vulnerability Discovery and Exploit Generation; AI-Augmented Development for Defense Evasion; Autonomous Malware Operations; AI-Augmented Research and IO: Obfuscated LLM Access; Supply Chain Attacks.
Read more…
Source: Google Threat Intelligence Group
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- UK: Ransomware attack on NHS systems could take weeks to fix, major IT provider warns
August 11, 2022
A cyberattack that hit a major IT provider for the NHS and severely affected the 111 service involved ransomware and could take up to four weeks to fix, it has emerged. Advanced, which supplies vital systems for the NHS, said it suffered a cyber breach around 7am on 4 August which has now been contained. The attack ...
- Cisco admits corporate network compromised by gang with links to Lapsus$
August 11, 2022
Cisco disclosed on Wednesday that its corporate network was accessed by cyber-criminals in May after an employee’s personal Google account was compromised – an act a ransomware gang named “Yanluowang” has now claimed as its work. The world’s largest networking vendor disclosed the months-old compromise after a list of files accessed during the incident appeared on ...
- #StopRansomware: Zeppelin Ransomware
August 11, 2022
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are releasing this joint CSA to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June 2022. The FBI and CISA encourage organizations to implement the recommendations in the Mitigations section ...
- Automotive supplier breached by 3 ransomware gangs in 2 weeks
August 10, 2022
An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours. The attacks followed an initial breach of the company’s systems by a likely initial access broker (IAB) in December 2021, who exploited a firewall misconfiguration to breach ...
- Phishers who breached Twilio and fooled Cloudflare could easily get you, too
August 10, 2022
At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not just employees but employees’ family members as well. In the case of Twilio, a San Francisco-based provider of two-factor authentication and communication services, the unknown hackers succeeded in phishing the ...
- Cisco Talos shares insights related to recent cyber attack on Cisco
August 10, 2022
On May 24, 2022, Cisco became aware of a potential compromise. Since that point, Cisco Security Incident Response (CSIRT) and Cisco Talos have been working to remediate. During the investigation, it was determined that a Cisco employee’s credentials were compromised after an attacker gained control of a personal Google account where credentials saved in the victim’s ...