HexStrike-AI Connects LLMs to Over 150 Existing Security Tools

Hackers began using an open-source offensive security framework to exploit Citrix NetScaler vulnerabilities within hours of their disclosure, said Check Point researchers.
A framework created by cybersecurity researcher Muhammad Osama supports automated penetration testing. Dubbed HexStrike-AI, it connects large language models to more than 150 existing security tools, running them in sequence with retry logic and error recovery.
Osama described the system as operating “with human-in-the-loop interaction through external LLMs via model context protocol, creating a continuous cycle of prompts, analysis, execution and feedback.” Released publicly, the project has drawn over 1,800 stars and more than 400 forks in its first month.
Check Point researchers said the tool is being discussed on underground forums, where hackers are exchanging instructions on how to deploy it against three Citrix NetScaler flaws disclosed last week: CVE-2025-7775, CVE-2025-7776 and CVE-2025-8424. The most critical of these, CVE-2025-7775, allows unauthenticated remote code execution.
The ShadowServer Foundation found that nearly 28,000 internet-facing endpoints were initially exposed to CVE-2025-7775. By Sept. 2, the figure dropped to about 8,000, suggesting that many organizations had patched, but a significant number were still vulnerable.
Check Point said that the attackers were able to use HexStrike-AI to automate the discovery and exploitation of these systems. Posts on darkweb forums described running scans for vulnerable NetScaler instances, generating exploit payloads and deploying webshells for persistence. Some actors advertised compromised Citrix appliances for sale.
Weaponizing an n-day flaw often takes days, but Check Point said that HexStrike-AI reduced the time to minutes by orchestrating the entire process. “The window between disclosure and mass exploitation shrinks dramatically,” the researchers wrote. “CVE-2025-7775 is already being exploited in the wild, and with HexStrike-AI, the volume of attacks will only increase in the coming days.”
Forum chatter points to the use of HexStrike-AI, but direct forensic confirmation of its role in observed attacks is limited. The framework is capable of chaining together the necessary steps, such as scanning, exploitation, payload delivery and persistence, but attribution to a specific tool in live intrusions is difficult.
HexStrike-AI’s dual-use nature is not unique. Red-team and penetration testing frameworks such as Cobalt Strike, Metasploit and Sliver have all followed similar trajectories – widely adopted by defenders and later abused by attackers. The difference in the latest instance is the scale and speed afforded by AI integration, researchers said. Instead of relying on manual tuning, HexStrike-AI allows language models to direct the process continuously, recovering from errors and retrying steps until successful.
The release of HexStrike-AI coincided with Citrix’s publication of patches for the three NetScaler flaws. Unsupported versions of NetScaler remain at particular risk, as they no longer receive fixes.
For defenders, Check Point said that patching was still the most effective measure, while the shrinking gap between disclosure and exploitation makes early detection and intelligence gathering increasingly critical. The company pointed to “AI-driven defenses” and “adaptive detection” as necessary counterparts to AI-powered offense.