Threat actor uses AI coding agents to build ransomware payloads

A ransomware operator used AI to automate the development of attack tools, running hundreds of evasion tests against real endpoint security products until the payloads could bypass almost all of them.

What happened

Researchers have identified an active ransomware attack framework built using AI coding agents, software programs that can write, test, and revise code automatically without human input at each step. The threat actor used these agents to build, test, and refine malware payloads, the malicious files delivered to victim systems to carry out an attack, designed to avoid endpoint detection and response tools. According to BleepingComputer, researchers discovered the toolkit after alerts fired on files found in a customer environment. The framework included tools for disguising malicious traffic as normal web activity, a communication channel hidden inside Telegram to avoid detection, scripts for injecting malicious code into legitimate Windows applications, and a redirector to conceal the attacker's real servers. The toolkit also included an automated panel that mapped out victim networks without requiring manual work.

Code in the framework was written in Russian, and the Git repository recovered during the investigation showed the framework had been used against multiple organizations listed on a ransomware data leak site.

Going deeper

The AI agents each had defined roles within the development pipeline. One coordinated the overall research and development process, while others handled testing, security hardening, and documentation. The agents reviewed published cybersecurity research to identify techniques for bypassing security tools, then built test environments, ran the techniques, and reported the outcomes automatically. The tool used to generate malicious files, known as a payload generator, produced close to 80 individual attack modules, each a self-contained file designed to carry out a specific part of the attack, tested against more than 70 different evasion approaches and after repeated refinement, the modules bypassed almost all tested security products. Researchers noted the entire workflow remained human-driven. The attacker directed the process, but the AI dramatically compressed the time between discovering a published bypass technique and having a working version ready to deploy.

What was said

Researchers told BleepingComputer that "AI tools are shortening the period between the publication of offensive security research and its practical implementation by threat actors." They added that while the tool initially appeared consistent with legitimate red team activity, further investigation revealed "artifacts that indicated malicious and criminal activity," including ransom notes and references to organizations listed on a ransomware leak site. Researchers confirmed that no AI was embedded in the deployed malware or operating independently in victim environments. AI was used to build and test the tools, not to run the attacks.

In the know

The confirmed use of AI to develop ransomware tooling follows a documented pattern of AI entering the attack chain at multiple stages in 2026. In May 2026, researchers documented the GreyVibe threat group using ChatGPT, Google Gemini, and Ideogram AI to generate phishing lures and assist in writing malware, including a tool that gave attackers remote control over infected devices by abusing PowerShell, a built-in Windows feature that can run commands silently in the background. According to BleepingComputer's coverage of the GreyVibe campaign, that group used AI at the content creation and coding stage. The framework discovered in this investigation goes further, using AI at the testing and iteration stage, automating the process of determining whether a payload defeats a specific security product and refining it until it does.

The big picture

The practical implication for healthcare organizations is not that AI-built malware is fundamentally different from human-built malware. The outputs of ransomware payloads that avoid detection are the same, what changes is the speed and scale at which attackers can develop and refine those tools. A published bypass technique that previously required weeks of manual development to weaponize can now be implemented and tested against real products in hours. Healthcare organizations whose endpoint security configurations have not been updated recently face a widening gap between the defenses they have deployed and the evasion techniques that are now being automated. The Verizon 2026 Data Breach Investigations Report found that defenders now have hours rather than months between vulnerability disclosure and active exploitation. The same compression is now documented in the time between offensive research publication and ransomware implementation.

FAQs

What does it mean that the AI workflow was entirely human-driven?

The attacker controlled what the AI agents were tasked with and reviewed the outputs. AI did not independently decide to build malware or select targets. It accelerated the development process by automating repetitive tasks like writing code variations, running tests, and documenting results, which would otherwise require manual effort and technical expertise.

How does routing command-and-control through Telegram help attackers avoid detection?

Endpoint and network security tools that flag outbound connections to unknown or suspicious IP addresses will not flag traffic to Telegram, a widely used messaging platform with a trusted reputation. Attackers using Telegram's infrastructure as a relay disguise their command traffic as legitimate Telegram activity, making it harder to distinguish from normal employee use of the app.

Why does injecting malicious code into legitimate Windows applications make detection harder?

Security tools that maintain lists of trusted applications may allow those applications to run without deep inspection. By wrapping malicious code inside a legitimate, signed executable, attackers inherit that application's trust level, reducing the probability that endpoint security tools will flag the malicious activity.

What does Active Directory discovery automation mean for a target organization?

Active Directory is the system that manages user accounts, permissions, and network access in most enterprise environments. Automated discovery maps that account for which users have administrative privileges, which systems they can access, and how the network is structured, information that attackers use to identify the fastest path from initial access to full network control and ransomware deployment.

What security practices reduce the risk from AI-accelerated malware development?

Behavioral detection that identifies what a process does rather than what it looks like reduces the effectiveness of evasion techniques that change the payload's appearance while preserving its behavior. Network monitoring that flags unusual traffic patterns, including Telegram-based command-and-control, and maintaining current endpoint security configurations that reflect the latest evasion techniques, all reduce the window between a new tool's development and its detection in the environment.