AI-Powered HexStrike Tool Accelerates Exploitation of Citrix Vulnerabilities

Crims boast of using HexStrike AI against Citrix bugs

Attackers on underground forums claimed they were using HexStrike AI, an open-source red-teaming tool, against Citrix NetScaler vulnerabilities within hours of disclosure, according to Check Point cybersecurity evangelist Amit Weigman. The AI tool, and its near-instantaneous adoption by cybercriminals, signal "the window between disclosure and mass exploitation shrinks dramatically," Weigman wrote in a Tuesday blog. CVE-2025-7775, a critical, pre-auth remote code execution bug, was abused as a zero-day to drop webshells and backdoor appliances before Citrix issued a patch. "And with HexStrike AI, the volume of attacks will only increase in the coming days," Weigman warned. HexStrike AI is an AI-powered penetration testing framework developed by security researcher Muhammad Osama and released on GitHub several weeks ago. The offensive security utility integrates with more than 150 security tools to perform network reconnaissance and scanning, web application security testing, reverse engineering and a slew of other tasks. It also connects to more than a dozen AI agents to scan for vulnerabilities, automate exploit development, and discover new attack chains. The GitHub repository warns that HexStrike AI shouldn't be used for unauthorized system testing, illegal or harmful activities, or data theft. However, shortly after its release, criminals -- as they are wont to do with any type of legitimate pen-testing tool -- began discussing HexStrike AI in the context of the Citrix security holes, according to Check Point. "Exploiting these vulnerabilities is non-trivial," Weigman wrote. "Attackers must understand memory operations, authentication bypasses, and the peculiarities of NetScaler's architecture. Such work has historically required highly skilled operators and weeks of development." Like other security frameworks, it can be misused, but it does not include pre-built zero-day exploits However, dark-web posts shared by the company suggest that, within 12 hours of disclosure, attackers claimed to be using HexStrike AI to generate exploit code and scan for vulnerable NetScaler instances. While Check Point security architect manager Aaron Rose told The Register that the security shop doesn't have proof "at this time," that miscreants actually used the AI tool to orchestrate attacks, "we have compelling early signals from attacker communities that the tool is being pointed at NetScaler zero-days, which makes it highly likely we'll see confirmed exploitation soon." "HexStrike AI is a turning point because it collapses the barrier to entry for complex exploits," Rose said. "Attacks that once required highly skilled operators and days of manual effort can now be orchestrated by AI in minutes, giving adversaries speed and scale defenders have never faced before." When asked about HexStrike AI being co-opted by attackers, and if he regrets releasing it publicly, Osama told The Register that it's intended to help defenders stay ahead of the criminals and not the other way around. "HexStrike AI was built as a defender-first framework to accelerate penetration testing and resilience assessments by combining LLM-driven orchestration with hundreds of security tools," he said via email, in response to questions. "The aim is to help defenders uncover vulnerabilities before attackers do, using AI to simulate diverse attack paths and perspectives at machine speed," Osama said. "Like other security frameworks, it can be misused, but it does not include pre-built zero-day exploits. It automates workflows, and others may insert their own logic. I have also withheld release of the RAG-based version, which can dynamically integrate CVE intelligence and adjust testing in real time, to carefully balance empowering defenders with limiting abuse." RAG, or Retrieval-Augmented Generation, is an AI framework that combines LLMs with an information retrieval system, essentially supercharging the models' responses. The mission of HexStrike, he added, is to give defenders the same "adaptive automation" capabilities that adversaries are already using. "HexStrike was created to strengthen defense and prepare the community for a future where AI-driven orchestration and autonomous agents will shape both attack and defense," Osama said. ®

Threat Actors Weaponize HexStrike AI to Exploit Citrix Flaws Within a Week of Disclosure

Threat actors are attempting to leverage a newly released artificial intelligence (AI) offensive security tool called HexStrike AI to exploit recently disclosed security flaws. HexStrike AI, according to its website, is pitched as an AI‑driven security platform to automate reconnaissance and vulnerability discovery with an aim to accelerate authorized red teaming operations, bug bounty hunting, and capture the flag (CTF) challenges. Per information shared on its GitHub repository, the open-source platform integrates with over 150 security tools to facilitate network reconnaissance, web application security testing, reverse engineering, and cloud security. It also supports dozens of specialized AI agents that are fine-tuned for vulnerability intelligence, exploit development, attack chain discovery, and error handling. But according to a report from Check Point, threat actors are trying their hands on the tool to gain an adversarial advantage, attempting to weaponize the tool to exploit recently disclosed security vulnerabilities. "This marks a pivotal moment: a tool designed to strengthen defenses has been claimed to be rapidly repurposed into an engine for exploitation, crystallizing earlier concepts into a widely available platform driving real-world attacks," the cybersecurity company said. Discussions on darknet cybercrime forums show that threat actors claim to have successfully exploited the three security flaws that Citrix disclosed last week using HexStrike AI, and, in some cases, even flag seemingly vulnerable NetScaler instances that are then offered to other criminals for sale. Check Point said the malicious use of such tools has major implications for cybersecurity, not only shrinking the window between public disclosure and mass exploitation, but also helping parallelize the automation of exploitation efforts. What's more, it cuts down the human effort and allows for automatically retrying failed exploitation attempts until they become successful, which the cybersecurity company said increases the "overall exploitation yield." "The immediate priority is clear: patch and harden affected systems," it added. "Hexstrike AI represents a broader paradigm shift, where AI orchestration will increasingly be used to weaponize vulnerabilities quickly and at scale." The disclosure comes as two researchers from Alias Robotics and Oracle Corporation said in a newly published study that AI-powered cybersecurity agents like PentestGPT carry heightened prompt injection risks, effectively turning security tools into cyber weapons via hidden instructions. "The hunter becomes the hunted, the security tool becomes an attack vector, and what started as a penetration test ends with the attacker gaining shell access to the tester's infrastructure," researchers Víctor Mayoral-Vilches and Per Mannermaa Rynning said. "Current LLM-based security agents are fundamentally unsafe for deployment in adversarial environments without comprehensive defensive measures."

Hackers use new HexStrike-AI tool to rapidly exploit n-day flaws

Hackers are increasingly using a new AI-powered offensive security framework called HexStrike-AI in real attacks to exploit newly disclosed n-day flaws. This activity is reported by CheckPoint Research, which observed significant chatter on the dark web around HexStrike-AI, associated with the rapid weaponization of newly disclosed Citrix vulnerabilities, including CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424. According to ShadowServer Foundation's data, nearly 8,000 endpoints remain vulnerable to CVE-2025-7775 as of September 2, 2025, down from 28,000 the previous week. HexStrike-AI is a legitimate red teaming tool created by cybersecurity researcher Muhammad Osama, which enables the integration of AI agents to autonomously run over 150 cybersecurity tools for automated penetration testing and vulnerability discovery. "HexStrike AI operates with human-in-the-loop interaction through external LLMs via MCP, creating a continuous cycle of prompts, analysis, execution, and feedback," reads its creator's description. HexStrike-AI's client features a retry logic and recovery handling to mitigate the effects of failures in any individual step on its complex operations. Instead, it automatically retries or adjusts its configuration until the operation completes successfully. The tool has been open-source and available on GitHub for the last month, where it has already garnered 1,800 stars and over 400 forks. Unfortunately, it has also attracted the attention of hackers who have begun to use it in their attacks. According to CheckPoint, hackers started discussing the tool on hacking forums, where they discussed how to deploy HexStrike-AI to exploit the mentioned Citrix NetScaler ADC and Gateway zero-day vulnerabilities within hours of their disclosure. Threat actors reportedly used it to achieve unauthenticated remote code execution through CVE-2025-7775 and then drop webshells on compromised appliances, with some offering compromised NetScaler instances for sale. CheckPoint believes it's likely the attackers used the new pentesting framework to automate their exploitation chain, scanning for vulnerable instances, crafting exploits, delivering payloads, and maintaining persistence. Although the actual involvement of HexStrike-AI in these attacks hasn't been confirmed, such a level of automation could reduce the n-day flaw exploitation times from several days down to a few minutes. Such a development would leave system administrators with an already small patching window and even less time before attacks begin. "The window between disclosure and mass exploitation shrinks dramatically." commented Check Point on a recently disclosed Citrix flaw. "CVE-2025-7775 is already being exploited in the wild, and with Hexstrike-AI, the volume of attacks will only increase in the coming days." Although speedy patching remains crucial, this paradigm shift brought by AI-powered attack frameworks makes it even more important to maintain a strong, holistic security stance. Check Point recommends defenders focus on early warning through threat intelligence, AI-driven defenses, and adaptive detection.

New AI-powered HexStrike tool is being used to target multiple Citrix security flaws

The patching window for system administrators keeps shrinking Cybercriminals are using a legitimate red teaming tool to automate the exploitation of n-day vulnerabilities, reducing the time businesses have to fix flaws from days to literal minutes. Security experts at Check Point Research said they observed "chatter" around the dark web of a tool called HexStrike-AI, an open source offensive security framework that connects large language models such as GPT, Claude, and Copilot with cybersecurity tools through the Model Context Protocol. It provides access to more than 150 tools for penetration testing, bug bounty automation, and vulnerability research, using multiple AI agents to manage workflows, analyze data, and run scanning, exploitation, or reporting tasks. It is powered by an "Intelligent Decision Engine" that selects and executes tools based on the target environment, and supports network analysis, web application testing, cloud security checks, reverse engineering, and OSINT. Check Point Research says that hackers are sharing information on how to deploy HexStrike-AI to take advantage of CVE-2025-7775, CVE-2025-7776, and CVE-2025-8424, three vulnerabilities recently discovered in Citrix NetScaler ADC and Gateway instances. The tool allegedly helped them achieve unauthenticated remote code execution which, in turn, allowed them to drop webshells and maintain persistence. While this chatter isn't evidence enough of abuse, if confirmed, the news would mean the exploitation time can be cut down from several days to a few minutes, leaving system administrators with an already small patching window, and even less time before attacks begin. "CVE-2025-7775 is already being exploited in the wild, and with Hexstrike-AI, the volume of attacks will only increase in the coming days," CPR warned. With this level of automation, keeping software updated without a patch management platform will probably be impossible.