![\"AI](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/05\/google-AI-vulnerability-exploitation.webp\" "\\"LLM")
<\/p>\n
LLM vulnerability discovery capabilities compared with other discovery mechanisms (Source: Google)<\/p>\n
AI-assisted malware gets harder to detect<\/p>\n
Beyond vulnerability discovery, AI is embedded in malware development in ways that complicate detection.<\/p>\n
Russia-nexus actors have deployed two malware families, CANFAIL and LONGSTREAM, that use AI-generated decoy code to obscure their malicious functionality. CANFAIL contains LLM-authored comments explicitly describing blocks of code as unused filler, indicating the threat actor requested that the model generate large volumes of inert code for obfuscation. LONGSTREAM contains 32 separate instances of code querying the system\u2019s daylight saving time status, a repetitive and functionally irrelevant pattern designed to make the script appear benign to analysts.<\/p>\n
A separate PRC-linked actor, APT27, used Google\u2019s Gemini to accelerate development of a network management application supporting an operational relay box network. The tool was configured with a three-hop routing parameter and listed mobile routers as supported device types, indicating an intent to route traffic through residential IP addresses.<\/p>\n
PROMPTSPY expands autonomous attack capability<\/p>\n
An Android backdoor called PROMPTSPY<\/a> takes AI integration further. The malware, first identified by ESET, contains an autonomous agent module that sends the device\u2019s live user interface layout to Google\u2019s Gemini API and receives back precise tap coordinates and gesture commands. The malware can simulate clicks, swipes, and other physical interactions without human involvement.<\/p>\n PROMPTSPY can also capture biometric authentication data, including PINs and lock patterns, and replay them to regain access to a locked device. If a user attempts to uninstall it, the malware renders an invisible overlay over the uninstall button, silently intercepting touch inputs. Its command-and-control infrastructure, including API keys, can be updated remotely without redeploying the payload. Google said no apps containing PROMPTSPY are currently on Google Play<\/a>, and Android devices with Google Play Services are protected by Google Play Protect.<\/p>\n Hultquist noted that comparable malware exists, and the question is whether any variant achieves meaningful scale. \u201cSimilar malware is in the wild, but it\u2019s mostly experimental. We\u2019re looking for threat actors to find something that works at scale. Then they\u2019ll probably lean into it. As AI systems<\/a> become more ubiquitous they will become a target and a tool for actors inside the network to get what they want.\u201d<\/p>\n Supply chain attacks reach AI infrastructure<\/p>\n In March 2026, a cybercrime group called TeamPCP<\/a>, also tracked as UNC6780, compromised several GitHub repositories, including those tied to the LiteLLM<\/a> AI gateway library and vulnerability scanner Trivy. The attackers embedded a credential stealer called SANDCLOCK in affected build environments, extracting cloud secrets including AWS keys and GitHub tokens. Those credentials were then used in partnerships with ransomware groups.<\/p>\n The LiteLLM compromise is notable because the library is widely used to connect software applications to multiple AI providers. Exposure of API secrets from that package could give attackers access to an organization\u2019s AI environment, enabling reconnaissance and data collection at scale from within enterprise networks.<\/p>\n Separately, state-sponsored and criminal actors are systematically bypassing AI platform billing controls. PRC-linked groups have used automated scripts to register and cancel premium LLM accounts, cycling through free-tier access at volume. One cluster deployed a relay service aggregating accounts across Gemini, Claude, and OpenAI to pool access and distribute costs across compromised credentials.<\/p>\n![](\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/divider.gif\")
<\/p>\n