Cybersecurity researchers have flagged an intrusion in which an unknown threat actor leveraged a vibe-coded PowerShell script for Active Directory (AD) enumeration.
"The script looked for the Domain Controller (DC) and mapped users, computers, and domains, before creating a directory and exporting out a number of files, and finally creating AD_Report.html to measure the success of the enumeration attempt," Huntress researchers Jevon Ang and Dray Agha said.
The attack chain involved the threat actor establishing Remote Desktop Protocol (RDP) access onto a domain-joined Windows Server with a set of pre-compromised credentials, followed by staging the tools in the "C:\ProgramData\" folder. The incident took place in early June 2026.
This included an artificial intelligence (AI)-generated payload to map the Active Directory environment. The assessment is based on various telltale signs, such as the prompt iteration title, placeholder strings, over-engineered code that features multiple methods to find a Domain Controller, and beautified console output using cyan, green, red, and yellow.
Huntress described the bespoke PowerShell script as "highly aggressive" and "noisy," making use of a "five-step cascading fallback mechanism" to enable reconnaissance and discovery. It's titled "100% Working AD Information Gathering Script - FULLY FIXED," suggesting a back-and-forth with a large language model (LLM).
Once the primary Domain Controller is located, it initiates a data collection routine to systematically harvest AD users, computers, groups, organizational units (OUs), and trusts, and store the details in a staging directory.
About 30 minutes later, the attacker moved to deploy a s5cmd, a legitimate tool used for bulk file operations, along with SharpShares, a C#-based network shares enumeration utility, to look for user-accessible data repositories.
In the final stage, the data is said into CSV files, archived, and exfiltrated to a remote server, but not before creating an HTML file summarizing the data theft in the form of an Active Directory Inventory Report.
"It's likely a 'helpful' inject from the LLM that the attacker simply went along with, rather than being intentionally authored into the script," the researchers explained.
The development is yet another sign that threat actors are augmenting their arsenal with vibe-coded malware generated with assistance from AI models, even if the technology isn't being abused in ways not seen before. What it does change is that it lowers the barrier to entry for cybercrime, permitting less-skilled actors to come up with highly capable, evasive tooling with minimal effort.
"The underlying attack chain still resembles the tried-and-tested smash-and-grab playbook we've seen for years," Huntress said. "This core methodology has remained consistent, but it is now being selectively augmented by AI. This hybrid approach prioritises aggression and speed over stealth, allowing threat actors to execute highly damaging campaigns faster than ever."
AI as a Force Multiplier
In a report published last week, Sygnia revealed that AI-enabled attackers do not necessarily need novel malware or zero-days, but that the real shift lies in the fact that cyber intrusions can be orchestrated at a speed and scale faster and bigger than defenders can contain them.
The incident response company said it observed an AI-assisted cloud attack that progressed from initial access to broad compromise within a span of about 72 hours against a large Amazon Web Services (AWS)-based environment. The end goal of the activity is assessed to be financially motivated, with the attacker using the access to the victim's cloud infrastructure for use as leverage for extortion.
"The threat actor repeatedly leveraged newly acquired credentials to restart discovery, secrets harvesting, persistence, and impact activities," it said. "The attack relied on familiar cloud techniques rather than novel malware or zero-days."
"The threat actor was not exploiting a single misconfiguration; they were chaining weaknesses across application services, AWS resources, source-control repositories, CI/CD workflows, runtime components, and data stores, while rapidly executing credential discovery, secrets harvesting, cloud enumeration, deployment-pipeline abuse, runtime modification, database access, and operational disruption."
The attacker, per Sygnia, entailed repeated attempts to establish persistence on the compromised hosts, obtaining the access key to one of the AWS accounts through shortcomings in an internet-facing application. Each new access was followed by renewed enumeration, additional secret collection, persistence attempts by creating access keys and IAM users, and data exfiltration. At the same time, several attacker-created artifacts were masked as a pentest or a red teaming exercise.
To further exert pressure on victims, the attacker performed a series of actions -
- Denying access to S3 buckets
- Limiting ECS services or containers to a maximum capacity of zero
- Creating ACL rules to block network access
- Purging SQS queues
"The significance was not that AI introduced new attack techniques, as every observed action mapped to long-established adversary behaviors, but that it reduced the time and effort required to operationalize those techniques across a complex environment," Sygnia pointed out.
"The threat actor repeatedly converted newly obtained access into tailored action. For each new access key, the actor appeared to quickly determine the associated permissions, reachable resources, and most valuable next steps."





