Agentic cyber security AI abused for Citrix Netscaler attacks

Cyber security vendor Check Point Software says a recently released AI-powered framework for fast automated testing has quickly become abused by threat actors to develop and execute attacks, including current ones on Citrix Netscaler appliances.

The framework in question is Hexstrike AI and Check Point's director of solution engineering, Amit Weigman, said that threat actors are now using the application to go after recent zero-day vulnerabilities to obtain remote access.

Weigman posted screenshots of posts from the so-called "dark web" in which alleged threat actors discussed the Hexstrike AI framework.

He said the release of Hexstrike AI would be concerning in any context, as it would be extremely attractive to atackers.

Weigman went on to connect use of the AI framework with threat actors quickly and easily reconnoitring for newly found vulnerable Citrix Netscaler systems, and crafting exploits for them, which is a complex task normally.

Hexstrike AI was developed by Mohammad Osama who released the code on the open-source GitHub repository.

It uses Anthropic's Model Context Protocol (MCP) to set up a server that talks to large language models such as Claude.AI, OpenAI's GPT, Microsoft Copilot and others.

Some 150 security tools can be invoked with AI agents through Hexstrike, saving time and effort.

"A task that might take a human operator days or weeks can now be initiated in under 10 minutes," Weigman said.

Osama told iTNews that the intention behind Hexstrike was to empower defenders, red teams (offensive testers) and researchers with the same speed and orchestration capabilities that threat actors are beginning to adopt.

"The reality is, automation and AI are transforming cyber operations on both sides," Osama said.

"Attackers will leverage these tools to reduce the time between vulnerability disclosure and exploitation, but defenders can leverage the exact same technologies to detect faster, respond smarter, and patch quicker," he added.

In iTNews' own testing, with Hexstrike version 6.0.0 installed, the publication was able to attach an MCP server to Claude.AI to launch agents to provide information on sites, using common security tools.

Independent testing and verification of Hexstrike is yet to be done, however.

Hexstrike is not just an MCP wrapper for security tools, Osama explained; instead, the application is an AI-driven cyber security platform that uses MCP as its communication protocol.

"Unlike simple tool wrappers, HexStrike AI analyses targets and adapts strategy automatically," Osama said.

Osama agreed it could be compared to the existing Metasploit framework, which is a static collection, with Hexstrike "giving life to hacking tools". 

Hexstrike correlates vulnerabilities across multiple tools, generates custom exploits based on findings and creates probabilistic attack chains, and also learns from results to improve assessments, he added.

Under the hood, Hexstrike runs an AI decision engine, and more than 12 autonomous AI agents Osama said.

"While it does integrate 150-plus security tools, the real value is in the way Hexstrike allows AI to think strategically about cyber security and executes intelligently through those tools," Osama said.

Osama is currently working on a new release of Hexstrike, version 7.0, with support for more tools and an integrated retrieval augmented generation (RAG) system included.