Hackers Are Using AI Vibe Coding To Build Custom Malware

“Vibe coding”, the practice of building software by chatting with an AI rather than writing code by hand, has become a buzzword in the startup world over the past year. Now, cybersecurity researchers say criminals are doing exactly the same thing to build malware.

In a new report, cybersecurity firm Huntress details a real-world break-in, spotted in early June, in which an attacker used a custom, AI-generated script to snoop through a company’s entire internal network. The firm says it’s one of the clearest examples yet of a hacker leaning on an AI assistant to write attack tools on the fly, rather than buying or building traditional hacking software.

 

What Actually Happened

 

The attacker got into a company’s systems using stolen login details, then ran a script that quietly catalogued staff accounts, computers and internal network structure. Half an hour later, they used a legitimate cloud storage tool, the kind businesses use every day, to start pulling data out, before running a second scanning tool to check for anything they’d missed.

None of that is new. What is new, according to Huntress, is that the reconnaissance script itself had clearly never existed before and was likely never used before, either: the tell-tale sign of something generated through back-and-forth prompting with an AI chatbot rather than downloaded off the shelf.

 

The Giveaways

 

Researchers pointed to a handful of AI “tells” left in the code: a title reading like a note to fix bugs (“100% Working… FULLY FIXED”), a placeholder example name the attacker never bothered to update, an overly elaborate method for finding the target’s main server and perhaps the strangest touch, a beautifully formatted, colour-coded report summarising everything the malware had stolen.

Researchers suspect the AI added that last flourish unprompted, simply because that’s the kind of “helpful” output it’s trained to produce.

Why This Should Be On Founders’ Radar

 

For growing businesses, the practical risk isn’t that AI is enabling some new, exotic form of hacking. The attack itself followed a familiar pattern of stolen credentials, network snooping and data theft. The risk is that AI is lowering the skill and effort required to pull it off, putting more capable attack tooling into the hands of less experienced criminals, faster than before.

It also has implications for how cybersecurity products work. Traditional antivirus and detection tools often rely on recognising known malicious files, but a script freshly generated by an AI chatbot won’t match anything seen before, since it’s effectively one-of-a-kind. Huntress argues that security tools and IT teams need to focus on spotting suspicious behaviour on a network, rather than only trying to match known bad code, as this kind of AI-assisted attack becomes more common.

The takeaway for UK businesses and startups: as generative AI tools become part of everyday workflows for legitimate developers, expect the same tools to keep showing up on the other side of the fence too, and make sure your security provider is looking for behaviour, not just known threats.