Threat actors are rapidly weaponizing Hexstrike-AI<\/a>, a recently released AI-powered offensive security framework, to scan for and exploit zero-day CVEs in under ten minutes.\u00a0<\/p>\n Originally marketed as an offensive security framework for red teams, Hexstrike-AI\u2019s architecture has already been repurposed by malicious operators within hours of its public release.<\/p>\n Checkpoint\u2019s recent analysis shows how artificial intelligence (AI) can manage and simplify complex attacks by coordinating many specialized agents. This AI-driven system helps automate multi-step attacks more efficiently.<\/p>\n With Hexstrike-AI<\/a>, that theory has become operational. The framework stands on a FastMCP server core, binding large-language models<\/a> (Claude, GPT, Copilot) to over 150 security tools via MCP decorators.\u00a0<\/p>\n AI agents can invoke standardized functions such as nmap_scan(target, options) and execute_exploit(cve_id, payload) without human micromanagement.\u00a0<\/p>\n Dark-web chatter confirmed that threat actors are testing Webshell deployments against the freshly disclosed\u00a0Citrix NetScaler ADC and Gateway\u00a0<\/a>CVEs CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424\u00a0<\/span>within hours of disclosure.<\/p>\n Hexstrike-AI\u2019s MCP orchestration layer interprets high-level commands, such as \u201cexploit NetScaler,\u201d into sequenced technical workflows.\u00a0<\/p>\n Each stage <\/span>of reconnaissance, memory-handling\u00a0exploitation, persistence via webshell, and exfiltration is handled by specialized MCP agents, ensuring retry logic and automated resilience.\u00a0<\/p>\n CheckPoint observed that<\/a>, to the underground posts, operators achieved unauthenticated remote code execution on vulnerable appliances and dropped web shells in under ten minutes.<\/p>\n The architecture of Hexstrike-AI implements:<\/p>\n Abstraction Layer:<\/strong> Translates vague operator intent into precise function calls.<\/p>\n MCP Agents: <\/strong>Autonomous servers bridging LLMs with tools, orchestrating everything from nmap_scan and hydra_brute to custom NetScaler exploit modules.<\/p>\n Automation & Resilience:<\/strong> Built-in retry loops and failure recovery ensure chained operations proceed without human intervention.<\/p>\n Intent-to-Execution Translation: <\/strong>The execute_command API dynamically constructs and executes workflows based on intent strings.<\/p>\n This model mirrors academic projections of AI orchestration driving next-gen cyberattacks\u2014now crystallized in Hexstrike-AI\u2019s code.<\/p>\n Citrix\u2019s August 26 advisories revealed three critical NetScaler vulnerabilities. Traditionally, exploiting such memory and access-control flaws demanded expert reverse engineering and exploit writing.\u00a0<\/p>\n Hexstrike-AI collapses that barrier, enabling parallelized scanning of thousands of IPs and dynamic adaptation of exploit parameters until success.<\/p>\n The time-to-exploit for CVE-2025-7775 has already been reduced from weeks to minutes, with webshell-equipped appliances appearing on underground markets.<\/p>\n Organizations must quicken patching cycles and implement adaptive, AI-driven detection systems.\u00a0<\/p>\n Static signatures alone will not suffice against rapidly orchestrated attacks. Monitoring dark-web intelligence for early signals, enforcing segmentation and least-privilege models, and integrating autonomous response playbooks are critical.\u00a0<\/p>\n Defenders must keep up with the growth of AI-powered offenses through telemetry correlation and machine-speed patch validation.<\/p>\n Find this Story Interesting! Follow us on Google News<\/a>,\u00a0LinkedIn<\/a>,\u00a0and\u00a0X<\/a>\u00a0to Get More Instant Updates<\/strong>.<\/p>\n The post Hackers Leverage Hexstrike-AI Tool to Exploit Zero Day Vulnerabilities Within 10 Minutes<\/a> appeared first on Cyber Security News<\/a>.<\/p>\n<\/div>\nKey Takeaways<\/mark><\/strong>
1. Hexstrike-AI automates zero-day exploits in under 10 minutes.
2. It links LLMs to 150+ tools for resilient workflows.
3. Rapidly weaponized against Citrix CVEs, driving urgent AI-driven defenses.<\/pre>\nHexstrike-AI Automates Exploits in Minutes<\/strong><\/h2>\n
![\"Dark](\"https:\/\/i0.wp.com\/cybersecuritynews.com\/wp-content\/uploads\/2025\/09\/image-35.png?resize=964%2C560&ssl=1\")
![\"\u00a0Dark](\"https:\/\/i0.wp.com\/cybersecuritynews.com\/wp-content\/uploads\/2025\/09\/image-34.png?resize=864%2C274&ssl=1\")
Mitigations<\/strong><\/h2>\n