Artificial intelligence is quickly becoming another business tool. Employees use it to summarize reports, write code, analyze data, and answer questions throughout the workday. Unfortunately, cybercriminals are adopting AI just as enthusiastically.
Over the past few weeks, researchers have published several examples that demonstrate just how quickly the threat landscape is evolving. Individually, each story is noteworthy. Together, they paint a picture of attackers learning to exploit not just software, but the way AI systems think and interact with people.
Hidden Instructions Are Becoming the Next Prompt Injection
Researchers at Malwarebytes recently highlighted a technique known as GhostCommit, which hides malicious AI instructions inside seemingly harmless images. While a human sees nothing unusual, an AI model processing the image can interpret embedded prompts that alter its behavior. The research demonstrates that prompt injection attacks are expanding beyond text and into visual content, creating new challenges for organizations adopting multimodal AI.
Attackers Are Exploiting AI Hallucinations
Security researchers have also identified a technique called hallusquatting, where attackers register software packages that exist only because an AI model hallucinated their names. If a developer copies AI-generated code without verifying the dependencies, malicious software can be installed instead of legitimate libraries.
Rather than exploiting human typing mistakes like traditional typosquatting, hallusquatting exploits AI mistakes, turning inaccurate recommendations into an effective malware delivery mechanism.
AI Is Beginning to Drive Attacks on Its Own
Perhaps the most concerning development comes from research into JadePuffer, which has been described as the first complete LLM-driven ransomware attack. Rather than simply using AI to generate phishing emails or write malware, the research demonstrates how large language models can actively participate throughout an attack chain, making decisions and adapting as the operation unfolds.
While this research is still emerging, it offers a glimpse into what future ransomware campaigns could look like as attackers increasingly automate complex tasks that once required skilled human operators.
AI Is Helping Defenders Fight Back
The news is not entirely one-sided. Researchers have also demonstrated how AI can be used to waste scammers’ time by engaging them in realistic conversations while collecting intelligence about their methods. While these systems are not a replacement for secure email gateways or phishing awareness training, they illustrate how AI can help defenders automate repetitive work and better understand attacker behavior.
As defensive AI capabilities continue to mature, security teams will increasingly use these tools to identify threats faster, investigate incidents more efficiently, and reduce the burden on human analysts.
AI Doesn’t Change the Goal, Only the Battlefield
These four stories all reinforce the same lesson. AI is becoming another attack surface, another tool for defenders, and another technology that organizations must learn to secure. Whether attackers are hiding prompts inside images, exploiting hallucinations, automating ransomware, or defenders are using AI to counter phishing campaigns, the common thread is trust.
Organizations should embrace AI because the productivity gains are undeniable. At the same time, they should apply the same security principles that have always mattered: verify information, validate code and dependencies, monitor emerging threats, and educate users about new risks.
Cybersecurity has always evolved alongside technology. AI is simply accelerating that evolution. The organizations that succeed will be the ones that recognize AI is no longer just a productivity tool. It has become an integral part of the modern threat landscape, and protecting organizations, people, and data means securing the AI systems we increasingly rely upon.


