AI Agents Generate Custom Hacking Tools on the Fly

Trend Micro's TrendAI Research team has documented two threat campaigns — Shadow-Aether-040 and Shadow-Aether-064 — that used AI agents to execute full attack chains against government and financial organizations in Mexico and Brazil. Both campaigns leveraged AI (including Anthropic's Claude) to dynamically generate custom hacking tools, scripts, and backdoors on the fly, making detection by signature-based security tools significantly harder. Attackers jailbroke AI agents by claiming red team authorization, then used them for vulnerability scanning, initial access via web shells, persistence, and lateral movement. The key defensive takeaway: environments with strong security fundamentals — timely patching, zero-trust access controls, and comprehensive monitoring — successfully stopped even AI-augmented attacks.