AI Is Changing Cyber Threats — Here’s How to Stay Protected


Panda Security | Jan 12, 2026 | 4 min read

Artificial intelligence (AI) is changing the way cybercriminals plan, launch, and scale attacks. But the same technology can also help people and businesses stay safer online.

The latest research from Google’s Threat Intelligence Group (GTIG) shows that AI is no longer just a helper for hackers. It is now built directly into malware and attack workflows, which makes smart, layered protection more important than ever.

How AI is changing cyber threats

Threat actors are starting to embed AI models inside malware so it can change its own behavior automatically to better avoid detection by traditional antimalware tools. GTIG highlights new malware families like PROMPTFLUX and PROMPTSTEAL that call large language models during execution to generate fresh malicious code or system commands instead of relying on pre-coded payloads.

The GTIG AI Threat Tracker report notes, “Adversaries are no longer leveraging artificial intelligence just for productivity gains, they are deploying novel AI-enabled malware in active operations. This marks a new operational phase of AI abuse.”

This shift means attacks can become more adaptive, harder to spot with simple signature-based tools, and easier to reuse across different targets. GTIG also found that state-backed groups from countries including Russia, China, Iran, and North Korea are using AI to strengthen every stage of their operations, from reconnaissance and phishing to command-and-control and data theft.

How hackers are using AI today

GTIG’s report shows that attackers now rely on AI tools in three main ways: inside malware, in social engineering, and across a growing underground market.

  • AI-powered malware such as PROMPTFLUX can ask an AI model to rewrite its own code for obfuscation, helping it slip past static antivirus signatures by constantly changing its appearance.
  • PROMPTSTEAL, used by the Russian group APT28, uses an LLM hosted on Hugging Face to generate commands that silently collect system information and copy Office, PDF, and text documents so they can be extracted from the victim’s computer.
  • Threat actors are also social engineering AI systems themselves by posing as computer science students or cybersecurity researchers to persuade models like Gemini to reveal technical details that would normally be blocked.

Criminals are making these tools available to each other too, with online marketplaces advertising AI-powered tools for phishing, malware generation, and vulnerability research, allowing even unskilled hackers to use these technologies. This industrialization of AI tooling makes it easier to launch high-volume, targeted attacks against everyday users and small businesses.

What this means for regular users

For most people and organizations, AI-enabled attacks will feel less like science fiction and more like phishing emails that are harder to spot, malware that slips past outdated defenses, and scams that adapt when you challenge them. Because AI helps attackers write fluent, localized messages and tailor lures based on publicly available information, it becomes much harder to rely on obvious spelling mistakes or generic language as red flags.

AI-assisted malware that can change its own code also raises the stakes for relying solely on basic antivirus or manual security checks. Traditional tools that focus only on known signatures or static patterns are less likely to spot code that is continuously rewritten by an AI model during execution. This makes behavior-based detection (aka “heuristics”), threat intelligence, and continuous monitoring increasingly important for home and business environments.
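The contrast between signature matching and behavior-based detection can be shown in a short sketch. This is an added example, not code from the GTIG report or from Panda Security; the sample bytes, the host name `llm-api.example.test`, the process names and the event records are all constructed for illustration.

```python
import hashlib

# Constructed stand-ins for two variants of one program whose code was
# rewritten between runs: the bytes differ, the behaviour does not.
VARIANT_A = b"collect(); send()  # layout 1"
VARIANT_B = b"send_after(collect())  # layout 2"
# Signature list built when only variant A had been seen.
KNOWN_BAD_HASHES = {hashlib.sha256(VARIANT_A).hexdigest()}

LLM_API_HOSTS = {"llm-api.example.test"}   # hypothetical placeholder host
ALLOWED_LLM_CLIENTS = {"browser.exe"}      # assumed legitimate LLM clients
DOC_EXTENSIONS = (".docx", ".xlsx", ".pdf", ".txt")


def signature_match(sample: bytes) -> bool:
    """Static check: exact hash lookup against known-bad samples."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD_HASHES


def behaviour_alerts(events, doc_threshold=3):
    """Flag a process that queries an LLM API and afterwards spawns a
    shell or reads many documents. Events are dicts in time order."""
    called_llm, doc_reads, alerts = set(), {}, []
    for ev in events:
        proc = ev["process"]
        if ev["type"] == "net" and ev["host"] in LLM_API_HOSTS:
            if proc not in ALLOWED_LLM_CLIENTS:
                called_llm.add(proc)
        elif proc in called_llm:
            if ev["type"] == "spawn" and ev["child"] in ("cmd.exe", "powershell.exe"):
                alerts.append((proc, "shell spawned after LLM API call"))
            elif ev["type"] == "file_read" and ev["path"].lower().endswith(DOC_EXTENSIONS):
                doc_reads[proc] = doc_reads.get(proc, 0) + 1
                if doc_reads[proc] == doc_threshold:
                    alerts.append((proc, "bulk document reads after LLM API call"))
    return alerts


# Constructed telemetry: identical whichever variant produced it.
SAMPLE_EVENTS = [
    {"type": "net", "process": "browser.exe", "host": "llm-api.example.test"},
    {"type": "net", "process": "updater.exe", "host": "llm-api.example.test"},
    {"type": "spawn", "process": "updater.exe", "child": "cmd.exe"},
    {"type": "file_read", "process": "updater.exe", "path": "C:/Users/a/report.docx"},
    {"type": "file_read", "process": "updater.exe", "path": "C:/Users/a/budget.xlsx"},
    {"type": "file_read", "process": "updater.exe", "path": "C:/Users/a/notes.TXT"},
]

if __name__ == "__main__":
    print(signature_match(VARIANT_A), signature_match(VARIANT_B))
    print(behaviour_alerts(SAMPLE_EVENTS))
```

The hash lookup catches only the variant it was built from, while the behavior rule fires on the sequence of actions and ignores what the file looks like.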

How to stay protected against AI-driven threats

The good news is that many of the best ways to stay safe in an AI-driven threat landscape build on familiar security habits, but with a stronger focus on layered protection and behavior monitoring.

  • Use security software like Panda Dome that combines real-time protection with behavioral analysis and cloud-based intelligence so it can detect suspicious actions, not just known malware files.
  • Enable automatic updates for your operating systems, apps, and browsers so attackers cannot easily exploit or weaponize known vulnerabilities with AI-generated exploits.
  • Treat unsolicited messages and emails with extra caution, especially those involving payments, passwords, or urgent requests – even if they look polished and highly personalized.
  • Turn on multi-factor authentication (MFA) wherever possible so a stolen or guessed password is not enough to break into your accounts.
  • Limit privileges on your devices and accounts so that, if malware does run, it has less access to sensitive data and critical systems.

Why AI-backed defense matters

GTIG’s findings underline that defenders need AI as much as attackers do, using AI-powered antimalware and security software to spot anomalies at scale, correlate signals, and respond faster than a user can.

AI is becoming a force multiplier on both sides of cybersecurity, making adaptive, intelligent defenses essential rather than optional. By combining modern security tools, good digital habits, and ongoing education, you can still stay one step ahead, even as attackers upgrade their tactics with AI.