The use of AI in cyberattacks has crossed a threshold that Google's threat intelligence team describes as industrialization — threat actors are no longer experimenting with AI tools opportunistically but have built systematic, automated pipelines designed to exploit AI capabilities at production scale. According to Google's findings, these actors have constructed systems to cycle through premium AI accounts, pool API keys across multiple services, and bypass AI safety guardrails using anti-detect browsers and account-pooling services that maintain high-volume anonymized access to frontier model tiers. The practical effect is that criminal operations are running adversarial AI workflows effectively subsidized by trial account abuse and credential sharing, accessing the same frontier model capabilities that legitimate security researchers and developers use but without the associated costs or accountability. Google also identified several active malware families — PROMPTFLUX, HONESTCUE, and CANFAIL — that use LLMs specifically for defense evasion, generating decoy or filler code designed to camouflage malicious logic from automated detection systems. These are not proof-of-concept demonstrations; they are operational tools being deployed in active campaigns.

The industrialization of LLM abuse has specific implications for how organizations need to think about their security posture going forward. Traditional security models assumed that sophisticated vulnerability discovery required rare human expertise, limiting the scale at which well-resourced nation-state actors could operate and making large-scale attacks expensive enough to deter most criminal groups. AI removes that constraint: a single automated pipeline with access to frontier models can scan codebases, identify high-level logic flaws, and generate working exploits at a speed and scale that no human team can match, then deploy those exploits across thousands of targets simultaneously. Google noted that adversaries are increasingly targeting the integrated components that give AI systems their utility — autonomous skills, third-party data connectors, and API integration points — rather than attacking the core security logic of frontier models directly. For crypto platforms and DeFi protocols that have been integrating AI components into their infrastructure, those integration points represent exactly the attack surface Google is warning about: the connectors between AI systems and external data sources or execution environments are where the current generation of AI-enabled attacks is most actively probing.